Cybersecurity News | Daily Recap [20 Feb 2026]

Daily Recap: AI-enabled Android malware such as PromptSpy uses Gemini at runtime to control UI actions, deploy a VNC module, steal unlock credentials, and prevent uninstallation. Infostealers are becoming key entry points linked to Bitter APT, Volt Typhoon remains embedded in US utilities, and ransomware incidents target Advantest and tribal services, highlighting ongoing risks to critical infrastructure and government services. #PromptSpy #VoltTyphoon

Jinan USR IOT Technology Limited (PUSR) USR-W610 | CISA

A missing-authentication vulnerability (CVE-2026-24790) in Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller could allow unauthorized actions that result in over- or under-odorization events. CISA rates this issue CVSS v3 8.2 and recommends isolating control networks, minimizing internet exposure, using updated VPNs and firewalls, and following ICS defense-in-depth guidance to…

The Cyber Express Weekly Roundup: AI Disruption, Regulatory Pressure, and the Evolving Cyber Threat Landscape

AI is actively reshaping cyber risk, driving AI-powered ad fraud, deepfake incidents, and novel malware events while regulators and enterprises race to respond in real time. This weekly roundup highlights AI-driven ghost click ad fraud, the Ireland GDPR probe into X’s Grok, and a suspected ransomware incident at Advantest, underscoring the…

Dark Web Profile: Lotus Blossom

Lotus Blossom is a long-running, China-attributed APT that evolved from spear-phishing and watering-hole campaigns into sophisticated supply-chain compromises and targeted espionage using custom implants like Elise, Sagerunex, Hannotog, and Chrysalis. The group’s Notepad++ update-channel compromise and prior attacks against diplomatic, military, and maritime infrastructure demonstrate a “low-and-slow” intelligence collection approach emphasizing DLL sideloading, living-off-the-land techniques, and clandestine persistence. #LotusBlossom #Chrysalis

Researchers warn Volt Typhoon still embedded in US utilities and some breaches may never be found

Dragos reports that Chinese-linked threat actor Volt Typhoon continued compromising U.S. utilities through 2025, embedding in operational technology networks to pre-position for disruptive attacks. Researchers warn many compromises—especially in smaller water-sector utilities—may never be found, with initial access groups like SYLVANITE handing breaches to Volt Typhoon. #VoltTyphoon #SYLVANITE…

January 2026 Threat Trend Report on Ransomware

AhnLab’s January 2026 report summarizes ransomware activity and the number of affected systems using AhnLab diagnostic names and data collected from Dedicated Leak Sites (DLS). The report highlights notable attacks against critical infrastructure sectors (manufacturing, healthcare, finance), continued activity from existing groups and emergence of new groups, and notes a change…

Cybersecurity News | Daily Recap [20 Feb 2026]

Daily Recap: the latest cyber threats include exploited zero-days such as Dell RecoverPoint CVE-2026-22769, used by UNC6201 to deploy GRIMBOLT/SLAYSTYLE with Ghost NICs, alongside a spectrum of high-impact flaws, supply-chain breaches, and targeted espionage campaigns. The recap also notes active exploitation of TeamT5 CVE-2024-7694, Ivanti EPMM backdoors bypassing patches, Keenadu firmware backdoors, CrescentHarvest espionage, and AI/Cloud risks including Copilot as C2 and Grok deepfakes, plus notable data leaks and enforcement actions. #UNC6201 #GRIMBOLT #SLAYSTYLE #DellRecoverPoint #TeamT5 #IvantiEPMM #Keenadu #CRESCENTHARVEST #Copilot #Grok #Eurail #Cellebrite #DavaIndia #Notepad++ #Chrysalis #PaloAltoNetworks #Koi #VulnCheck

Speeding APT Attack Confirmation with Attack Discovery, Workflows, and Agent Builder — Elastic Security Labs

Attack Discovery, Workflows, and Agent Builder were combined to automatically detect, confirm, and triage a Chrysalis backdoor campaign delivered via a Notepad++ update supply-chain compromise, collapsing dozens of alerts into a single verified incident and creating a case and Slack channel with on-call responders already added. The automation verified C2, performed VirusTotal checks, ran ES|QL hunts, and executed incident actions (isolation, user suspension, IOC sweeps) in under four minutes instead of hours. #Chrysalis #LotusBlossom

Critical infra Honeywell CCTVs vulnerable to auth bypass flaw

CISA warns of a critical 9.8-severity vulnerability (CVE-2026-1670) in multiple Honeywell CCTV products that allows unauthenticated attackers to change recovery emails and take over camera accounts. The flaw stems from an exposed unauthenticated API endpoint affecting several mid-level Honeywell camera models; users should minimize network exposure and contact Honeywell support for patch guidance. #Honeywell #CVE-2026-1670

AI in the Middle: Turning Web-Based AI Services into C2 Proxies & The Future Of AI Driven Attacks

Check Point Research demonstrates that AI assistants with web-browsing and URL-fetch capabilities (e.g., Grok and Microsoft Copilot) can be abused as covert command-and-control relays by having the model fetch attacker-controlled URLs and return responses, enabling bidirectional C2 without API keys or accounts. This technique can be combined with WebView2-based implants and prompt-driven workflows to create AI-Driven malware that dynamically decides actions, prioritizes targets and data, and evades traditional detection controls. #Grok #MicrosoftCopilot

Mobi UZ Data Breach: Complete Corporate Network Compromise

Mobi UZ (UMS), a major Uzbek telecom operator, reportedly suffered a full compromise of its local corporate network affecting roughly 280 Active Directory-joined machines and granting attackers administrative control over critical systems such as SMS gateways, Veeam replication servers, mail systems, billing services, MYID facial recognition, and on-premises Minio S3 repositories….

Polish police detain alleged cybercriminal with Phobos ransomware ties

Polish police arrested a 47-year-old man in Małopolska for alleged involvement with the Phobos ransomware operation after finding encrypted communications during raids coordinated in Katowice and Kielce, and he now faces up to five years in prison. International law enforcement actions under Operation Aether have disrupted Phobos and its spinoff 8Base—linked…

Cyber Insights 2026: The Ongoing Fight to Secure Industrial Control Systems

Industrial Control Systems (ICS) remain highly vulnerable because decades-old hardware, outdated protocols, and operators' inability to accept downtime prevent effective patching and replacement amid growing nation-state pre-positioning and ransomware pressure. To build long-term resilience in 2026, experts recommend OT-aware zero trust, identity-centric controls, microsegmentation, continuous threat exposure management (CTEM), supply-chain transparency,…
