February Patch Tuesday delivers 57 packages
After January’s deluge, a calmer update volume returns
Similar Posts
Former CISA director Chris Krebs vows to fight back against Trump-ordered federal investigation
Bys sZack Whittaker reports: Former top Trump cybersecurity official Chris Krebs told The Wall Street Journal in an interview on Wednesday that he vowed to fight back against a federal investigation ordered into him by President Trump. Krebs said in the interview that he will resign from his position at cybersecurity firm SentinelOne in order to challenge the federal investigation, which…
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
Bys sThe cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the “tj-actions/changed-files” GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs. “The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs, a…
Under Pressure: Exploring the effect of legal and criminal threats on security researchers and journalists
Bys s“Dissent Doe,” DataBreaches.net admin@databreaches.net Zack Whittaker, this.weekinsecurity.com this@weekinsecurity.com February 2026. [Download .pdf version] Key takeaways Three-quarters of respondents in a pilot survey of journalists and security researchers reported receiving one or more threats due to their work; one-quarter reported never receiving any threats. Overall, half of the respondents reported receiving at least one legal threat…….
Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials
Bys sWeb infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to “certain” internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used by an employee at the company. “The attacker used that access to take over the employee’s…
SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits
Bys sCybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communication protocol for command-and-control (C2) purposes. “The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners (utmp/wtmp/lastlog tampering) and rootkit-class artifacts, the actor keeps a large back-catalog of
DHS Disbands Cyber Safety Review Board, Ending One of CISA’s Few Bright Spots
Bys sThe Trump administration has disbanded the Cyber Safety Review Board (CSRB), ending one of the few bright spots at CISA. The post DHS Disbands Cyber Safety Review Board, Ending One of CISA’s Few Bright Spots appeared first on SecurityWeek.