Cyber (In)Security and Surveillance (19 February 2026)

Fed agencies ordered to patch Dell bug by Saturday after exploitation warning

(Jonathan Greig – The Record) A Chinese state-backed hacking group is targeting Dell customers with a zero-day vulnerability impacting a popular line of operational and disaster recovery tools. Dell and Google released notices on Tuesday about CVE-2026-22769, warning that a sophisticated Chinese actor has been targeting the bug since at least mid-2024. Dell’s advisory said the vulnerability carries a severity score of 10 out of 10 and provided fixes for the issue. The advisory notes Google’s findings of “limited active exploitation.” Google-owned security firm Mandiant published its own lengthy blog about the vulnerability and the attacks that resulted from it. Mandiant said the activity was targeted at organizations across North America. – https://therecord.media/fed-agencies-ordered-to-patch-dell-bug-after-exploitation-warning

Texas sues TP-Link, alleging it allows China to hack into routers

(Suzanne Smalley, Jonathan Greig – The Record) Texas is suing networking equipment company TP-Link Systems for allegedly allowing the Chinese Communist Party (CCP) to hack into consumers’ devices even as it promised consumers strong security and privacy protections. Attorney General Ken Paxton announced the lawsuit on Monday and said it is the first of several that will be filed this week against companies affiliated with the CCP. In December, Paxton sued the Chinese television manufacturers Hisense and TCL, alleging that they capture what consumers watch in real time and could be allowing the data to be harvested by China. – https://therecord.media/texas-sues-tp-link-china-allegations

Nearly 1 Million User Records Compromised in Figure Data Breach

(Eduard Kovacs – SecurityWeek) Nearly 1 million user records have been compromised in a data breach at blockchain-powered lender Figure Technology Solutions. The company confirmed to TechCrunch that it suffered a data breach after an employee fell victim to a social engineering attack, saying the attackers obtained a limited number of files. The ShinyHunters hacker group took credit for the attack on Figure. On its Tor-based leak website the cybercrime group made available more than 2.4GB of archive files allegedly containing data stolen from the company. – https://www.securityweek.com/nearly-1-million-user-records-compromised-in-figure-data-breach/

German Rail Giant Deutsche Bahn Hit by Large-Scale DDoS Attack

(Eduard Kovacs – SecurityWeek) Deutsche Bahn, Germany’s national rail operator, has been dealing with a large-scale distributed denial-of-service (DDoS) attack that has disrupted some of its IT systems. Regular status updates from Deutsche Bahn indicated that the attack began on February 17 and continued into February 18. According to the rail giant, the attack came in waves and its scale is substantial. The DDoS attack disrupted Deutsche Bahn’s information and ticketing systems, including its websites and the DB Navigator app. – https://www.securityweek.com/german-rail-giant-deutsche-bahn-hit-by-large-scale-ddos-attack/

Intellexa’s Predator spyware infected Angolan journalist’s device, Amnesty reports

(Pierluigi Paganini – Security Affairs) Amnesty International reports that in May 2024, Intellexa’s Predator spyware infected the iPhone of Teixeira Cândido, an Angolan journalist and press freedom advocate, after he opened a malicious link sent via WhatsApp. This incident highlights how attackers actively target journalists for surveillance. Predator is a powerful mobile spyware by Intellexa, sold to governments for surveillance. Investigations over five years documented abuses worldwide, despite Intellexa rebranding and shifting its corporate structure. The Angola case marks the first confirmed Predator attack there, showing the spyware remained active through 2025. Amnesty International and partners exposed Intellexa’s operations, but the responsible customers remain unknown. – https://securityaffairs.com/188215/malware/intellexas-predator-spyware-infected-angolan-journalists-device-amnesty-reports.html

French Ministry confirms data access to 1.2 Million bank accounts

(Pierluigi Paganini – Security Affairs) A hacker gained access to data from 1.2 million French bank accounts using stolen credentials belonging to a government official, according to the French Economy Ministry. French authorities said affected account holders will be notified in the coming days. “The French Economy Ministry said on Wednesday, February 18, that a hacker gained access to a national bank account database and consulted information on 1.2 million accounts,” reports French daily newspaper Le Monde. “Since the end of January, the hacker used the stolen credentials of an official to access and consult ‘parts of the file of all of the accounts open in French banks and which contains personal data such as bank account numbers, name of the account holder, address and in certain cases the account owner’s tax number,’ the ministry said in a statement.” – https://securityaffairs.com/188200/hacking/french-ministry-confirms-data-access-to-1-2-million-bank-accounts.html

Industrial Control System Vulnerabilities Hit Record Highs

(Phil Muncaster – Infosecurity Magazine) The number of industrial control system (ICS) security advisories published in 2025 topped 500 for the first time since records began, with the severity of vulnerabilities also increasing, according to Forescout. The security vendor revealed the findings in its new report, ICS Cybersecurity in 2026: Vulnerabilities and the Path Forward. It said there were a total of 2155 CVEs published across 508 ICS advisories last year. That’s an increase from 103 CVEs across 67 advisories in 2011 – when records began. The average CVSS score of advisories climbed from 6.44 in 2010 to above 8.0 in 2024 and 2025. – https://www.infosecurity-magazine.com/news/industrial-control-system-vulns/

Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA

(Danny Palmer – Infosecurity Magazine) A newly uncovered phishing kit allows cybercriminals to steal usernames and passwords with a toolkit which spoofs live login pages and bypasses multi-factor authentication (MFA) protections, cybersecurity analysts have warned. Dubbed Starkiller, the phishing platform has been detailed by researchers at Abnormal, who have described it as “a commercial-grade cybercrime platform” and “a comprehensive toolkit for stealing identities at scale”. The tool is distributed on the dark web like a software-as-a-service (SaaS) product, complete with a subscription model, updates and customer support. – https://www.infosecurity-magazine.com/news/starkiller-phishing-kit-bypasses/

Flaws in Popular Software Development App Extensions Allow Data Exfiltration

(Kevin Poireault – Infosecurity Magazine) Researchers at OX Security have detected four vulnerabilities in three of the most popular integrated development environments (IDEs) that could lead to cyber-attacks. In a report published on February 17, OX Security shared details about the four new flaws, including two high-severity and one critical, affecting Microsoft Visual Studio Code (VS Code). These vulnerabilities also impact Cursor and Windsurf, two forks of VS Code that provide AI-assisted software development tools (aka ‘vibe coding’ platforms). The affected extensions were collectively downloaded over 128 million times. – https://www.infosecurity-magazine.com/news/vulnerabilities-vs-code-cursor/

Researchers Reveal Six New OpenClaw Vulnerabilities

(Phil Muncaster – Infosecurity Magazine) OpenClaw has patched six new vulnerabilities in its popular agentic AI assistant, covering server-side request forgery (SSRF), missing authentication and path traversal bugs, according to Endor Labs. The vulnerabilities, some of which do not have CVE IDs, range from moderate to high severity, the security vendor said in a blog post published on February 18. – https://www.infosecurity-magazine.com/news/researchers-six-new-openclaw/
