Daily Digest

CISA Warns of Actively Exploited SmarterMail RCE Flaw; BridgePay Payment Gateway Crippled by Ransomware

CISA Warns of Actively Exploited SmarterMail RCE Flaw; BridgePay Payment Gateway Crippled by Ransomware

February 8, 2026
7 articles (5 new, 2 updated)
21 min read

Summary

A critical, actively exploited RCE vulnerability (CVE-2026-24423) in SmarterMail has been added to CISA's KEV catalog, fueling ransomware attacks. Concurrently, a major ransomware incident has crippled the BridgePay payment gateway, causing nationwide outages for merchants. Other significant developments in the past 24 hours include CISA mandating the removal of unsupported edge devices from federal networks, attribution of a Notepad++ supply chain attack to a Chinese APT, and the discovery of a new EDR-killing malware that abuses a decade-old driver.

Filter by Category

New Articles (5)

Nationwide Outage: BridgePay Payment Gateway Confirms Ransomware Attack Crippled Production Systems

CRITICAL

BridgePay Confirms Ransomware Attack Responsible for Crippling Nationwide Payment Gateway Outage

U.S. payment gateway provider BridgePay Network Solutions has confirmed a ransomware attack was the cause of a massive service outage that began on February 6, 2026. The attack took down numerous production systems, including the BridgePay Gateway API, virtual terminals, and hosted payment pages, disrupting credit and debit card processing for merchants across the United States in sectors like retail, hospitality, and government. Many businesses were forced to revert to cash-only operations. BridgePay has engaged the FBI and U.S. Secret Service. While the company states that an initial investigation suggests no usable payment card data was exposed due to encryption, a timeline for full service restoration has not been provided, and the process is expected to be lengthy.

February 8, 2026
4 min read
RansomwareBridgePayPayment GatewayCyberattackOutage +1 more
Nationwide Outage: BridgePay Payment Gateway Confirms Ransomware Attack Crippled Production Systems
Ransomware
Cyberattack
Data Breach

EDR-Killer Malware Weaponizes Decade-Old EnCase Driver in BYOVD Attacks

HIGH

Attackers Abuse Revoked EnCase Driver ('EnPortv.sys') in BYOVD Attack to Disable EDR and Deploy Ransomware

Threat actors are using a new EDR-killing malware that leverages a 'Bring Your Own Vulnerable Driver' (BYOVD) technique to disable endpoint security products. Researchers at Huntress discovered the malware during an intrusion that began with compromised SonicWall SSL VPN credentials. The attackers abuse `EnPortv.sys`, a legitimate but long-revoked kernel driver from Guidance Software's EnCase forensic toolkit. Despite its certificate being revoked in 2010, a gap in Windows' driver signature enforcement allows it to be loaded, granting the attackers kernel-level privileges. The malware uses these privileges to terminate 59 different processes associated with major EDR vendors like CrowdStrike, SentinelOne, and Microsoft, clearing the way for ransomware deployment.

February 8, 2026
4 min read
BYOVDEDRMalwareRansomwareEnCase +3 more
EDR-Killer Malware Weaponizes Decade-Old EnCase Driver in BYOVD Attacks
Malware
Ransomware
Threat Actor

U.S. Finalizes Ban on Chinese and Russian Tech in Connected Vehicles, Forcing Massive Supply Chain Overhaul

MEDIUM

U.S. Finalizes Regulations Banning Chinese and Russian Technology from Connected Vehicles Starting with 2027 Models

The United States has finalized new regulations from the Commerce Department that will ban hardware and software from China and Russia in connected vehicles sold in the U.S. The rules are designed to mitigate national security risks, preventing foreign adversaries from collecting sensitive data or manipulating vehicle functions. The ban will be phased in, starting with software for the 2027 model year and extending to hardware by 2029. The auto industry is facing what is being called 'one of the most consequential and complex auto regulations in decades,' forcing a massive and difficult overhaul of their deeply embedded global software and hardware supply chains.

February 8, 2026
4 min read
PolicyRegulationAutomotiveConnected VehicleSupply Chain +3 more
U.S. Finalizes Ban on Chinese and Russian Tech in Connected Vehicles, Forcing Massive Supply Chain Overhaul
Policy and Compliance
Regulatory
Supply Chain Attack

European Commission Contains Cyberattack on its Mobile Device Management (MDM) System

MEDIUM

European Commission Responds to Cyberattack on Central Mobile Device Management Infrastructure

The European Commission disclosed on February 5, 2026, that it had identified and contained a cyberattack against its central infrastructure for managing mobile devices. The attack, detected on January 30, was reportedly contained and the system cleaned within nine hours. The Commission stated that the incident may have resulted in unauthorized access to some staff names and mobile numbers, but there is no evidence that any mobile devices themselves were compromised. The incident comes shortly after the Commission proposed a new, comprehensive cybersecurity package (CSA2) to strengthen security across the EU.

February 8, 2026
3 min read
European CommissionCyberattackMDMMobile SecurityIncident Response +1 more
European Commission Contains Cyberattack on its Mobile Device Management (MDM) System
Cyberattack
Incident Response
Mobile Security

Malicious VS Code Extension 'ClawdBot Agent' Deployed ScreenConnect RAT via Marketplace

HIGH

Fake 'ClawdBot Agent' Extension in Visual Studio Code Marketplace Deployed RAT Malware

A malicious extension named 'ClawdBot Agent' was discovered in the official Visual Studio Code Marketplace, impersonating a popular AI coding assistant to trick developers. The trojanized extension was fully functional, helping it evade suspicion while its malicious payload executed in the background upon VS Code launch. The attack chain fetched a remote configuration file that initiated the deployment of a weaponized version of the legitimate remote support tool, ConnectWise ScreenConnect, effectively turning it into a Remote Access Tool (RAT). This gave attackers full remote control over compromised developer machines. The extension was quickly removed by Microsoft, but the incident highlights the growing risk of supply chain attacks targeting developer ecosystems.

February 8, 2026
4 min read
Supply Chain AttackVS CodeMalwareRATScreenConnect +1 more
Malicious VS Code Extension 'ClawdBot Agent' Deployed ScreenConnect RAT via Marketplace
Supply Chain Attack
Malware
Cloud Security

Updated Articles (2)

EU Proposes Revised Cybersecurity Act to Bolster Supply Chain Security & ENISA's Role

INFORMATIONAL

European Commission Proposes Revisions to Strengthen EU Cybersecurity Act and NIS2 Directive

Update:

The EU's proposed revised Cybersecurity Act (referred to as CSA2) and NIS2 Directive amendments are now seen within a global push for stricter cyber regulations. This includes Hong Kong's planned mandatory data breach reporting and new US rules for critical infrastructure and public companies. Enforcement of NIS2 and the Digital Operational Resilience Act (DORA) is intensifying, compelling financial services and critical sector organizations to adopt more dynamic incident response frameworks and standardized reporting, highlighting a broader regulatory shift towards greater accountability and transparency.

January 28, 2026
Updated: February 8, 2026
4 min read
EUCybersecurity ActNIS2regulationcompliance +2 more
EU Proposes Revised Cybersecurity Act to Bolster Supply Chain Security & ENISA's Role
Policy and Compliance
Regulatory
Supply Chain Attack

CISA Adds Critical SmarterMail RCE Flaw to KEV Catalog Amid Active Ransomware Attacks

CRITICAL

CISA Mandates Patch for Actively Exploited SmarterMail RCE Vulnerability (CVE-2026-24423) Used in Ransomware Campaigns

Update:

Further analysis of the critical SmarterMail RCE (CVE-2026-24423) reveals a CVSS score of 9.3, underscoring its severe impact. The vulnerability, actively exploited by ransomware groups, affects an estimated 15 million users globally, often managed by MSPs and hosting providers. The specific vulnerable API endpoint is clarified as `/api/v1/settings/connect-to-hub`, allowing unauthenticated attackers to execute arbitrary commands. Organizations are urged to update to build 9511 or later immediately to mitigate the high risk of compromise and data exfiltration.

February 7, 2026
Updated: February 8, 2026
5 min read
RCEUnauthenticatedKEVEmail ServerAPI Security +1 more
CISA Adds Critical SmarterMail RCE Flaw to KEV Catalog Amid Active Ransomware Attacks
Vulnerability
Ransomware
Patch Management

📢 Share This Publication

Help others stay informed about cybersecurity threats