Overview
- BeyondTrust
- Remote Support (RS) & Privileged Remote Access (PRA)
Description
Statistics
- 7 Posts
- 1 Interaction
Bluesky
Overview
- GitLab
- GitLab AI Gateway
Description
Statistics
- 3 Posts
- 3 Interactions
Fediverse
🚨 CRITICAL: CVE-2026-1868 in GitLab AI Gateway (18.1.6 – 18.8.0) allows remote code execution or DoS via Duo Workflow Service. Patch to 18.6.2, 18.7.1, or 18.8.1. Restrict workflow access & monitor for abuse! https://radar.offseq.com/threat/cve-2026-1868-cwe-1336-improper-neutralization-of--f5bf4abe #OffSeq #GitLab #Vuln #CVE20261868
Bluesky
Overview
- Infor
- SyteLine ERP
Description
Statistics
- 5 Posts
Fediverse
CVE-2026-2103 - Infor Syteline ERP
https://blog.blacklanternsecurity.com/p/cve-2026-2103-infor-syteline-erp
Overview
Description
Statistics
- 3 Posts
Fediverse
IT management software company SmarterTools was hit by a ransomware attack through an unpatched vulnerability in its own SmarterMail product, specifically CVE-2026-24423. The attack, attributed to the Warlock ransomware group, impacted the company's office network and a data center, but not its public-facing website or customer portal. SmarterTools has since patched the vulnerability and advises customers to update their SmarterMail instances immediately.
https://www.securityweek.com/smartertools-hit-by-ransomware-via-vulnerability-in-its-own-product/
Global news highlights include the kickoff of the 2026 Winter Olympics in Italy (Feb 7). In technology, OpenAI launched its Frontier enterprise AI agent platform. Apple acquired AI startup Q.AI for $2B, while Google reported significant AI-driven profit gains. Intel and AMD warned of server CPU shortages impacting China due to AI demand. The EU is also scrutinizing TikTok's "addictive design".
Cybersecurity saw CISA warn of a critical SmarterMail vulnerability (CVE-2026-24423) actively exploited in ransomware campaigns (Feb 7). Italian authorities thwarted Russian cyberattacks targeting government and Olympic-related websites. A rise in AI-driven phishing attacks was also reported.
Here's a summary of the latest technology and cybersecurity news from the last 24-48 hours:
Major tech firms globally plan to invest over $650 billion in AI infrastructure this year. OpenAI has launched "Frontier," a new enterprise platform for AI agents.
In cybersecurity, CISA mandated US federal agencies replace unsupported edge devices within 18 months due to state-sponsored exploitation. Russia's APT28 targeted European entities with a new Microsoft Office exploit. A critical SmarterMail flaw (CVE-2026-24423) is actively exploited in ransomware attacks. (Feb 6-7, 2026).
Overview
- SolarWinds
- Web Help Desk
Description
Statistics
- 2 Posts
- 13 Interactions
Fediverse
Overview
- WAGO
- 0852-1322
Description
Statistics
- 2 Posts
Fediverse
🚨 CVE-2026-22904 (CRITICAL, CVSS 9.8): WAGO 0852-1322 vulnerable to stack-based buffer overflow via oversized HTTP cookies. RCE & DoS possible. Isolate devices, monitor traffic, deploy WAF/IPS. No patch yet. https://radar.offseq.com/threat/cve-2026-22904-cwe-121-stack-based-buffer-overflow-f7b2d93e #OffSeq #ICS #Vuln
#OT #Advisory VDE-2026-004
WAGO: Vulnerabilities in Managed Switch
Several vulnerabilities have been identified in the WAGO 852‑1328 device's web‑based management interface, which is implemented using a modified lighttpd server and custom CGI binaries. These issues include multiple stack buffer overflows, an authentication bypass, and insecure credential storage.
#CVE CVE-2026-22906, CVE-2026-22904, CVE-2026-22903, CVE-2026-22905
https://certvde.com/en/advisories/vde-2026-004/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-004.json
Overview
- WAGO
- 0852-1322
Description
Statistics
- 2 Posts
Fediverse
🚨 CVE-2026-22906 (CRITICAL, CVSS 9.8): WAGO 0852-1322 uses a hardcoded AES key, letting unauthenticated attackers decrypt credentials from config files. No patch yet. Restrict access, segment networks, monitor closely! https://radar.offseq.com/threat/cve-2026-22906-cwe-321-use-of-hard-coded-cryptogra-e9045210 #OffSeq #ICS #OTSecurity
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
"Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation.
The activity, observed around December 25, 2025, and described as "worm-driven," leveraged exposed Docker APIs, Kubernetes clusters, Ray dashboards, and Redis servers, along with the recently disclosed React2Shell (CVE-2025-55182, CVSS score: 10.0) vulnerability. The campaign has been attributed to a threat cluster known as TeamPCP (aka DeadCatx3, PCPcat, PersyPCP, and ShellForce).
TeamPCP is known to be active since at least November 2025, with the first instance of Telegram activity dating back to July 30, 2025. The TeamPCP Telegram channel currently has over 700 members, where the group publishes stolen data from diverse victims across Canada, Serbia, South Korea, the U.A.E., and the U.S. Details of the threat actor were first documented by Beelzebub in December 2025 under the name Operation PCPcat.
"The operation's goals were to build a distributed proxy and scanning infrastructure at scale, then compromise servers to exfiltrate data, deploy ransomware, conduct extortion, and mine cryptocurrency," Flare security researcher Assaf Morag said in a report published last week."
https://thehackernews.com/2026/02/teampcp-worm-exploits-cloud.html
#CyberSecurity #TeamPCP #Ransomware #CloudComputong #Cryptocurrencies
Overview
Description
Statistics
- 1 Post
Fediverse
⚠️ HIGH-severity OS command injection (CVE-2026-2210) in D-Link DIR-823X v250416 — remote, unauthenticated code execution possible. Patch firmware or restrict admin access now. European orgs: prioritize response! https://radar.offseq.com/threat/cve-2026-2210-os-command-injection-in-d-link-dir-8-a510703e #OffSeq #Vuln #DLink