End-of-Day report
Timeframe: Thursday 12-02-2026 18:00 - Friday 13-02-2026 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Felician Fuchs
News
Microsoft: New Windows LNK spoofing issues aren't vulnerabilities
Today, at Wild West Hackin' Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LNK shortcut files that allow attackers to deploy malicious payloads.
https://www.bleepingcomputer.com/news/microsoft/microsoft-new-windows-lnk-spoofing-issues-arent-vulnerabilities/
Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy - Again
A handful of European government agencies have been compromised by hackers in recent weeks, thanks to a new round of critical vulnerabilities in an Ivanti product - and it's another grim reminder of the heyday attackers have been having with edge devices.
https://www.darkreading.com/endpoint-security/ivanti-epmm-zero-day-bugs-exploit
37 million downloads: 287 Chrome extensions caught spying
Researchers analysed the traffic of numerous Chrome extensions. 287 of them spy on users' browsing behaviour on behalf of data brokers.
https://www.golem.de/news/37-millionen-downloads-287-chrome-extensions-bei-der-spionage-erwischt-2602-205381.html
Bypassing Administrator Protection by Abusing UI Access
In my last blog post I introduced the new Windows feature, Administrator Protection and how it aimed to create a secure boundary for UAC where one didn't exist. I described one of the ways I was able to bypass the feature before it was released. In total I found 9 bypasses during my research that have now all been fixed. In this blog post I wanted to describe the root cause of 5 of those 9 issues, specifically the implementation of UI Access, how this has been a long standing problem with UAC that's been under-appreciated, and how it's being fixed now.
https://projectzero.google/2026/02/windows-administrator-protection.html
IPFire introduces free domain blocklist DBL
The IPFire developers have published DBL, a categorised domain blocklist. It is intended to block malware, phishing and trackers.
https://www.heise.de/news/IPFire-stellt-freie-Domain-Blockliste-DBL-vor-11175994.html
How to find and remove credential-stealing Chrome extensions
Researchers have uncovered 30 Chrome extensions stealing user data. Here's how to check your browser and remove any malicious extensions step by step.
https://www.malwarebytes.com/blog/news/2026/02/how-to-find-and-remove-credential-stealing-chrome-extensions
Beware, Trojan! Circulating messages about copyright infringements are fakes!
Using phishing messages sent in the name of real, existing companies, criminals are currently trying to sneak malware onto their victims' devices. The accusations made are of course entirely fabricated, but the attached document is highly dangerous.
https://www.watchlist-internet.at/news/vorsicht-trojaner-urheberrechtsverletzungen/
Urgent warnings from UK and US cyber agencies after Polish energy grid attack
A coordinated cyberattack that targeted Poland's energy infrastructure in late December 2025 has prompted cybersecurity agencies to issue urgent warnings to critical national infrastructure operators on both sides of the Atlantic.
https://www.fortra.com/blog/urgent-warnings-uk-and-us-cyber-agencies-after-polish-energy-grid-attack
Naming and shaming: How ransomware groups tighten the screws on victims
When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle.
https://www.welivesecurity.com/en/ransomware/naming-shaming-ransomware-groups-tighten-screws-victims/
Lawful access to encrypted data: why is this so hard to do?
As I am now a member of the EU expert group which is tasked with coming up with a solution, I have been thinking a lot about this problem. An interesting train of thought turned out to be the question "We managed to give Law Enforcement (LE) wiretapping powers in old-style phone networks, but not in modern, Internet-based communication services. Why?"
https://www.cert.at/en/blog/2026/2/lawful-access-to-encrypted-data-why-is-this-so-hard-to-do
8,000+ ChatGPT API Keys Left Publicly Accessible
The rapid integration of artificial intelligence into mainstream software development has introduced a new category of security risk, one that many organizations are still unprepared to manage. According to research conducted by Cyble Research and Intelligence Labs (CRIL), thousands of exposed ChatGPT API keys are currently accessible across public infrastructure, dramatically lowering the barrier for abuse. CRIL identified more than 5,000 publicly accessible GitHub repositories containing
https://thecyberexpress.com/exposed-chatgpt-api-keys-github-websites/
Vulnerabilities
Patch now! Attackers are targeting BeyondTrust remote support solutions
Attackers are exploiting a critical code-execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access. Security patches are available.
https://www.heise.de/news/Jetzt-patchen-Angreifer-attackieren-BeyondTrust-Fernwartungsloesungen-11175384.html
Qnap NAS: Unauthorised file system access possible
Security patches for Qnap's NAS operating systems QTS and QuTS hero close several vulnerabilities.
https://www.heise.de/news/Qnap-NAS-Unbefugte-Dateisystemzugriffe-moeglich-11175677.html
LWN Security updates for Friday
https://lwn.net/Articles/1058642/