Critical Zero-Days in Dell and Chrome Actively Exploited; CISA Issues Urgent Patch Alerts

Dell Patches Critical RecoverPoint Zero-Day (CVE-2026-22769) Actively Exploited by China-Nexus Group UNC6201

Dell has released an emergency patch for a critical, maximum-severity vulnerability (CVE-2026-22769) in its RecoverPoint for Virtual Machines appliance. The flaw, a case of hardcoded credentials, has been actively exploited by a suspected Chinese cyberespionage group (UNC6201) since mid-2024. Attackers leveraged the CVSS 10.0 vulnerability to gain root access, deploy webshells, and install multiple backdoors, including the novel GRIMBOLT malware. The long-term exploitation allowed the threat actor to maintain persistence and conduct lateral movement within victim networks.

zero-dayhardcoded credentialscyberespionageVMwarebackup security +1 more

6 min read

Dell Zero-Day Exploited for Two Years by Chinese Spies to Steal Data

Google Scrambles to Patch First Actively Exploited Chrome Zero-Day of 2026

Google Releases Emergency Patch for Actively Exploited Chrome Zero-Day CVE-2026-2441

Google has issued an urgent security update for its Chrome web browser to fix a high-severity zero-day vulnerability, CVE-2026-2441. The flaw, a use-after-free bug in the browser's CSS component, is confirmed to be actively exploited in the wild. Successful exploitation allows a remote attacker to execute arbitrary code simply by tricking a user into visiting a malicious webpage. All users are urged to update their browsers immediately.

zero-dayuse-after-freebrowser securitychromiumGoogle Chrome

Google Scrambles to Patch First Actively Exploited Chrome Zero-Day of 2026

‘Zero-Knowledge’ Password Managers Not So Secure, Study Finds

ETH Zurich Study Reveals Architectural Flaws in Bitwarden, LastPass, and Dashlane, Challenging "Zero-Knowledge" Claims

A new study by researchers at ETH Zurich has uncovered significant architectural weaknesses in popular cloud-based password managers, including Bitwarden, LastPass, and Dashlane. The research challenges the "zero-knowledge" encryption promises made by these vendors, demonstrating 27 distinct attack scenarios where a malicious or compromised server could access or alter passwords in a user's encrypted vault. The attacks exploit weaknesses in features like account recovery and data synchronization rather than breaking the underlying cryptography.

password managerzero knowledgesecurity researchencryptionBitwarden +1 more

‘Zero-Knowledge’ Password Managers Not So Secure, Study Finds

CISA KEV Alert: Patch Now for Exploited Flaws in SolarWinds, Microsoft, Notepad++, and Apple

HIGH

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Mandating Federal Patching

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The flaws affect a wide range of popular products: SolarWinds Web Help Desk (CVE-2025-40536), Microsoft Configuration Manager (CVE-2024-43468), Notepad++ (CVE-2025-15556), and multiple Apple operating systems (CVE-2026-20700). Federal agencies are now under a binding directive to patch these vulnerabilities by their respective deadlines.

KEVCISApatch managementvulnerability managementSolarWinds +1 more

CISA KEV Alert: Patch Now for Exploited Flaws in SolarWinds, Microsoft, Notepad++, and Apple

New ClickFix Attack Abuses DNS 'nslookup' for Stealthy Malware Delivery

Microsoft Warns of Novel ClickFix Variant Using DNS Queries to Deploy ModeloRAT Trojan

Microsoft Threat Intelligence has uncovered a new variant of the 'ClickFix' social engineering attack that uses DNS queries as a covert channel for malware delivery. Victims are tricked into running an 'nslookup' command that queries an attacker-controlled DNS server. The malware payload, a PowerShell script, is embedded in the DNS response, allowing it to bypass some web-based security filters. The attack chain ultimately deploys the ModeloRAT remote access trojan.

ClickFixDNS tunnelingsocial engineeringModeloRATPowerShell +1 more

New ClickFix Attack Abuses DNS 'nslookup' for Stealthy Malware Delivery

Microsoft 365 Admin Center Outage in North America Investigated as Security Event

Microsoft Investigates M365 Admin Center Outage as Security Event Amid Disruption for North American Users

A significant service disruption on February 10, 2026, that prevented IT administrators across North America from accessing the Microsoft 365 admin center, is reportedly being investigated as a security event. The outage, which also affected the M365 mobile app, blocked administrators from performing critical user management and security tasks, raising concerns about the incident's root cause and whether it was the result of malicious activity.

outageMicrosoft 365cloud securityincident responseM365

Microsoft 365 Admin Center Outage in North America Investigated as Security Event

New 'Keenadu' Android Backdoor Injects into Core Zygote Process, Links Major Botnets

HIGH

Sophisticated 'Keenadu' Android Backdoor Discovered in Firmware and Google Play Apps

Kaspersky researchers have discovered a highly sophisticated Android backdoor named "Keenadu." The malware is being distributed through two alarming vectors: pre-installed in device firmware via supply chain compromise, and through malicious apps on the Google Play Store. Keenadu's primary malicious action is to inject itself into the Android Zygote process, the parent of all applications, giving it pervasive access and control. The investigation also exposed operational links between Keenadu and the notorious Triada and BADBOX malware families.

Android malwarefirmware attacksupply chainbotnetZygote +1 more

New 'Keenadu' Android Backdoor Injects into Core Zygote Process, Links Major Botnets

Panasonic Launches World-First Cybersecurity Monitoring Trial for Grid-Scale Battery Storage Systems

INFORMATIONAL

Panasonic Trials World's First Cybersecurity Monitoring for Grid-Scale Battery Energy Storage Systems (BESS)

Panasonic Holdings Corporation has announced the start of what it calls the world's first cybersecurity monitoring trial for grid-scale Battery Energy Storage Systems (BESS). This pioneering initiative aims to develop and validate a system for detecting intrusions and unauthorized commands within the BESS's internal operational technology (OT) network, moving beyond conventional perimeter defenses to secure critical energy infrastructure.

BESSICS securityOT securitycritical infrastructurePanasonic +1 more

3 min read

Panasonic Launches World-First Cybersecurity Monitoring Trial for Grid-Scale Battery Storage Systems

Fake 7-Zip Website Tricks Users, Turns PCs into Malicious Proxy Nodes

HIGH

Trojanized 7-Zip Installer from Lookalike Site Secretly Installs Proxyware

A malicious campaign is leveraging a lookalike domain, 7zip[.]com, to distribute a trojanized installer for the popular 7-Zip file archiving utility. The installer, signed with a now-revoked digital certificate, provides a functional version of 7-Zip to avoid suspicion, but also silently installs proxyware. This malware turns the victim's computer into a residential proxy node, allowing threat actors to route their traffic through the victim's IP address for nefarious activities.

trojanproxyware7-Zipdomain impersonationtyposquatting

Fake 7-Zip Website Tricks Users, Turns PCs into Malicious Proxy Nodes

New 'AI-in-the-Middle' Attack Turns Microsoft Copilot and Grok into C2 Channels

Researchers Detail "AI-in-the-Middle" Attack Abusing AI Assistants for Covert C2

Security researchers have detailed a novel command-and-control (C2) technique dubbed "AI-in-the-Middle." This method allows malware on a compromised system to use legitimate, web-connected enterprise AI assistants, such as Microsoft Copilot, as a proxy to relay commands. The technique effectively hides malicious C2 traffic within the seemingly benign and trusted communications to AI platforms, posing a significant detection challenge for network security tools.

AI securityC2command and controlMicrosoft Copilotevasion +1 more

New 'AI-in-the-Middle' Attack Turns Microsoft Copilot and Grok into C2 Channels

"Shadow Persistence" Rootkit Targets Cisco Edge Devices, Survives Factory Resets

New 'Shadow Persistence' Firmware Rootkit Targets Cisco IOS XE Devices in Espionage Campaign

A sophisticated espionage campaign is actively targeting critical infrastructure and government agencies by exploiting a new vulnerability in Cisco's IOS XE software. Attackers are using the flaw to install a powerful firmware rootkit, dubbed "Shadow Persistence," on network edge routers. This rootkit is exceptionally dangerous because it is installed directly into the device's firmware, allowing it to survive reboots and even factory resets, making it nearly impossible to remove through standard procedures.

rootkitfirmwareCiscoIOS XEespionage +1 more

"Shadow Persistence" Rootkit Targets Cisco Edge Devices, Survives Factory Resets

Updated Articles (1)

BeyondTrust Patches Critical 9.9 CVSS RCE Zero-Day in Remote Access Tools

Updated: February 17, 2026

BeyondTrust Patches Critical 9.9 CVSS Zero-Day (CVE-2026-1731) in Remote Support and Privileged Remote Access Products

Update:

The critical BeyondTrust RCE vulnerability (CVE-2026-1731) is now being actively exploited in the wild, a significant escalation from its initial disclosure. Following the public release of a proof-of-concept (PoC) exploit on February 10, 2026, widespread scanning and exploitation attempts have been observed. Consequently, CISA has added CVE-2026-1731 to its Known Exploited Vulnerabilities (KEV) catalog on February 13, 2026, mandating federal agencies to patch by February 16, 2026. This development underscores the urgent need for all on-premises BeyondTrust users to apply patches immediately to prevent system compromise.

February 9, 2026