Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon
CSO Online 24.02.2026 03:49
A Russian-speaking threat actor is using commercial generative AI services to compromise hundreds of Fortinet FortiGate firewalls, Amazon Threat Intelligence warns.
Once inside the network, the attackers compromised Active Directory at hundreds of organizations, extracted complete credential databases, and targeted backup infrastructure, a potential precursor to ransomware deployment, the report adds.
APT28 Targeted European Entities Using Webhook-Based Macro Malware
The Hacker News 23.02.2026 19:41
The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe.
The activity, per S2 Grupo's LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. "The campaign relies on basic tooling and the exploitation of legitimate services
Leading Semiconductor Supplier Advantest Hit by Ransomware Attack
Infosecurity Magazine 23.02.2026 11:30
Advantest, a Japanese specialist in testing computer chips for major semiconductor manufacturers, has deployed incident response protocols following a cybersecurity incident
Security update: malicious-code attacks on GIMP possible
Heise Security 23.02.2026 10:36
Attackers can compromise PCs on which the graphics program GIMP is installed, but only if the victim plays along.
Attackers exploit Ivanti EPMM zero-days to seize control of MDM servers
CSO Online 23.02.2026 10:32
Attackers are actively exploiting two critical zero-day vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM) to gain unauthenticated control of enterprise mobile device management infrastructure and install backdoors engineered to persist even after organizations apply available patches.
“Two critical zero-day vulnerabilities (CVE-2026-1281 and CVE-2026-1340) affecting Ivanti Endpoint Manager Mobile (EPMM) are being actively exploited in the wild, affecting enterprise mobile fleets and corporate networks,” Palo Alto Networks’ Unit 42 threat research team said in an advisory. “These vulnerabilities allow unauthenticated attackers to remotely execute arbitrary code on target servers, granting them full control over mobile device management (MDM) infrastructure without requiring user interaction or credentials.”
Pi-hole: update closes security vulnerabilities and delivers better performance
Heise Security 23.02.2026 08:11
The Pi-hole developers have fixed security vulnerabilities in the DNS ad filter and slimmed down the software.
Data leak: data of some PayPal users leaked for months
Golem 23.02.2026 07:45
From July to December 2025, attackers were able to siphon off data of some PayPal Business customers. Unauthorized transactions were also observed. (Data leak, data protection)
Roundcube Webmail: attacks on security vulnerabilities under way
Heise Security 23.02.2026 07:00
The US cybersecurity agency CISA warns of currently observed attacks on Roundcube Webmail vulnerabilities. Admins should update.