End-of-Day report
Timeframe: Monday 09-02-2026 18:00 - Tuesday 10-02-2026 18:00
Handler: Guenes Holler
Co-Handler: Felician Fuchs
News
Hackers breach SmarterTools network using flaw in its own software
SmarterTools confirmed last week that the Warlock ransomware gang breached its network after compromising an email system, but said the incident did not impact business applications or account data.
https://www.bleepingcomputer.com/news/security/hackers-breach-smartertools-network-using-flaw-in-its-own-software/
ZeroDayRAT malware grants full access to Android, iOS devices
A new commercial mobile spyware platform dubbed ZeroDayRAT is being advertised to cybercriminals on Telegram as a tool that provides full remote control over compromised Android and iOS devices.
https://www.bleepingcomputer.com/news/security/zerodayrat-malware-grants-full-access-to-android-ios-devices/
Trojan on board: malware-infected 7-Zip version in circulation
Anyone downloading the 7-Zip archiver should make sure to check that it comes from the correct domain. A malware-infected version has been spotted.
https://www.golem.de/news/trojaner-an-bord-mit-schadcode-verseuchte-7-zip-versionen-in-umlauf-2602-205223.html
Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data
The Dutch Data Protection Authority (AP) and the Council for the Judiciary (Rvdr) have disclosed that their systems were impacted by cyber attacks exploiting the recently disclosed security flaws in Ivanti Endpoint Manager Mobile (EPMM), according to a notice sent to the country's parliament on Friday.
https://thehackernews.com/2026/02/dutch-authorities-confirm-ivanti-zero.html
Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools
Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself.
https://thehackernews.com/2026/02/reynolds-ransomware-embeds-byovd-driver.html
More than 135,000 OpenClaw instances exposed to internet in latest vibe-coded disaster
By default, the bot listens on all network interfaces, and many users never change it. It's a day with a name ending in Y, so you know what that means: another OpenClaw cybersecurity disaster.
https://www.theregister.com/2026/02/09/openclaw_instances_exposed_vibe_code/
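The exposure described above comes down to a listen address: a service bound to 0.0.0.0 or [::] is reachable from every interface, while one bound to 127.0.0.1 or ::1 is not. The following added example (not from The Register or the OpenClaw project) parses `ss -ltnp` output and flags every listener that is not on a loopback address, so an operator can spot a wildcard bind before it is spotted from the internet. The sample `ss` output, process names and ports are constructed for the example.

```python
"""Audit Linux listening TCP sockets for non-loopback (wildcard) binds.

Parses the output of `ss -ltnp`. SAMPLE_SS below is constructed for the
example; the process names, PIDs and ports in it are hypothetical.
"""
import ipaddress
import re
import subprocess
from typing import List, NamedTuple


class Listener(NamedTuple):
    proto: str
    addr: str
    port: int
    process: str


# Matches an ss "Local Address:Port" token: IPv4 "1.2.3.4:80", bracketed IPv6
# "[::1]:80", or a wildcard "*:80".
_ADDR_RE = re.compile(r"^(?:\[(?P<v6>[^\]]*)\]|(?P<v4>[^:]+)):(?P<port>\d+|\*)$")
# Extracts the first process entry from ss' Process column, e.g. ("node",pid=42
_PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')

WILDCARD_ADDRS = {"0.0.0.0", "::", "*"}

# Constructed sample of `ss -ltnp` output (hypothetical services).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       511     0.0.0.0:8080         0.0.0.0:*          users:(("node",pid=4242,fd=19))
LISTEN  0       244     127.0.0.1:5432       0.0.0.0:*          users:(("postgres",pid=812,fd=7))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=655,fd=4))
LISTEN  0       511     [::1]:6379           [::]:*             users:(("redis-server",pid=901,fd=6))
"""


def parse_ss(output: str) -> List[Listener]:
    """Turn `ss -ltnp` text into Listener records; header and junk are skipped."""
    listeners: List[Listener] = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue  # header row or something that is not a listening socket
        m = _ADDR_RE.match(parts[3])
        if not m or m.group("port") == "*":
            continue
        addr = m.group("v6") if m.group("v6") is not None else m.group("v4")
        pm = _PROC_RE.search(line)
        process = f"{pm.group(1)}[{pm.group(2)}]" if pm else "?"
        listeners.append(Listener("tcp", addr, int(m.group("port")), process))
    return listeners


def is_wildcard(addr: str) -> bool:
    """True for binds that accept connections on every interface."""
    return addr in WILDCARD_ADDRS


def is_loopback(addr: str) -> bool:
    """True only for 127.0.0.0/8 and ::1; wildcards and non-IP strings are False."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def exposed_listeners(listeners: List[Listener]) -> List[Listener]:
    """Every listener reachable from outside the host (anything not loopback)."""
    return [l for l in listeners if not is_loopback(l.addr)]


def audit_live() -> List[Listener]:
    """Run the audit against the local machine (Linux with iproute2)."""
    out = subprocess.run(["ss", "-ltnp"], capture_output=True, text=True, check=True).stdout
    return exposed_listeners(parse_ss(out))


if __name__ == "__main__":
    for l in exposed_listeners(parse_ss(SAMPLE_SS)):
        tag = "WILDCARD" if is_wildcard(l.addr) else "non-loopback"
        print(f"{tag:12} {l.proto} {l.addr}:{l.port} {l.process}")
```

Run against the constructed sample it reports the node process on 0.0.0.0:8080 and sshd on [::]:22 and stays quiet about the loopback-only postgres and redis listeners; on a real host run `audit_live()` as root so `ss` can attach process names. A service that must be reachable over the network belongs behind authentication and a firewall rule, not just on a less obvious port.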
Introducing Augustus: Open Source LLM Prompt Injection Tool
Last month we released Julius, a tool that answers the question: "what LLM service is running on this endpoint?" Julius identifies the infrastructure. But identification is only the first step. The natural follow-up: "now that I know what's running, how do I test whether it's secure?" That's what Augustus does.
https://www.praetorian.com/blog/introducing-augustus-open-source-llm-prompt-injection/
Patch now! Renewed attacks on SolarWinds Web Help Desk observed
According to security researchers, attackers are currently exploiting critical code-execution vulnerabilities in SolarWinds Web Help Desk.
https://www.heise.de/news/Jetzt-patchen-Abermals-Attacken-auf-SolarWinds-Web-Help-Desk-beobachtet-11170887.html
Archive.today: operator uses visitors for DDoS attack
The operator of Archive.today is using visitors to the site, without their knowledge, for a DDoS attack. The target is a Finnish blogger.
https://www.heise.de/news/Archive-today-Betreiber-setzt-Nutzer-fuer-DDoS-Attacke-ein-11170623.html
North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam
The scam involved a ClickFix attack where hackers install malware on a device by having the victim try to resolve fictitious technical issues.
https://therecord.media/north-korean-hackers-targeted-crypto-exec-clickfix
Pride Month Phishing Targets Employees via Trusted Email Services
Attackers are using Pride Month themed phishing emails to target employees worldwide, abusing trusted email platforms like SendGrid to harvest credentials.
https://hackread.com/pride-month-phishing-employees-trusted-email-services/
New Cybercrime Group 0APT Accused of Faking Hundreds of Breach Claims
Researchers reveal the new 0APT cyber group is fabricating attacks on large organisations. Learn how they use fake data to trick companies into paying.
https://hackread.com/cybercrime-group-0apt-faking-breach-claims/
Beyond the Battlefield: Threats to the Defense Industrial Base
In modern warfare, the front lines are no longer confined to the battlefield; they extend directly into the servers and supply chains of the industry that safeguards the nation. Today, the defense sector faces a relentless barrage of cyber operations conducted by state-sponsored actors and criminal groups alike.
https://cloud.google.com/blog/topics/threat-intelligence/threats-to-defense-industrial-base/
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps
The purpose of this Alert is to amplify Poland's Computer Emergency Response Team (CERT Polska's) Energy Sector Incident Report published on Jan. 30, 2026, and highlight key mitigations for Energy Sector stakeholders.
https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps
Deep Dive into New XWorm Campaign Utilizing Multiple-Themed Phishing Emails
FortiGuard Labs recently captured a phishing campaign in the wild delivering a new variant of XWorm. XWorm is a multi-functional Remote Access Trojan (RAT) first identified in 2022 that remains actively distributed, including through Telegram-based marketplaces. Once deployed, it provides attackers with full remote control of compromised Windows systems.
https://feeds.fortinet.com/~/945702296/0/fortinet/blogs~Deep-Dive-into-New-XWorm-Campaign-Utilizing-MultipleThemed-Phishing-Emails
Tech impersonators: ClickFix and MacOS infostealers
Datadog identified an active campaign employing fake GitHub repositories impersonating software companies and leveraging the ClickFix initial access technique to deliver macOS infostealers.
https://securitylabs.datadoghq.com/articles/tech-impersonators-clickfix-and-macos-infostealers/
Vulnerabilities
Security updates for Tuesday
Security updates have been issued by AlmaLinux (fence-agents, firefox, fontforge, freerdp, kernel-rt, keylime, libsoup, libsoup3, nodejs22, nodejs24, opentelemetry-collector, osbuild-composer, python3.12-wheel, qemu-kvm, resource-agents, thunderbird, and util-linux), Debian (kernel, rlottie, shaarli, and usbmuxd), Fedora (asciinema, atuin, bustle, cef, envision, glycin, greetd, helix, java-21-openjdk, java-25-openjdk, java-latest-openjdk, keylime-agent-rust, maturin, mirrorlist-server, ntpd-rs, python3.6, rust-add-determinism, rust-afterburn, rust-ambient-id, rust-app-store-connect, rust-bat, rust-below, rust-btrd, rust-busd, rust-bytes, rust-cargo-c, rust-cargo-deny, rust-coreos-installer, rust-crypto-auditing-agent, rust-crypto-auditing-client, rust-crypto-auditing-event-broker, rust-crypto-auditing-log-parser, rust-dua-cli, rust-eif_build, rust-git-delta, rust-git-interactive-rebase-tool, rust-git2, rust-gst-plugin-dav1d, rust-gst-plugin-reqwest, rust-heatseeker, rust-ingredients, rust-jsonwebtoken, rust-lsd, rust-monitord, rust-monitord-exporter, rust-muvm, rust-nu, rust-num-conv, rust-onefetch, rust-oo7-cli, rust-pleaser, rust-pore, rust-pretty-git-prompt, rust-procs, rust-rbspy, rust-rbw, rust-rd-agent, rust-rd-hashd, rust-redlib, rust-resctl-bench, rust-resctl-demo, rust-routinator, rust-sccache, rust-scx_layered, rust-scx_rustland, rust-scx_rusty, rust-sequoia-chameleon-gnupg, rust-sequoia-keystore-server, rust-sequoia-octopus-librnp, rust-sequoia-sq, rust-sevctl, rust-shadow-rs, rust-sigul-pesign-bridge, rust-snpguest, rust-speakersafetyd, rust-tealdeer, rust-time, rust-time-core, rust-time-macros, rust-tokei, rust-weezl, rust-wiremix, rust-ybaas, rustup, sad, tbtools, tuigreet, and uv), Mageia (fontforge and nginx), Oracle (firefox, fontforge, freerdp, kernel, keylime, libsoup, python, thunderbird, and uek-kernel), SUSE (abseil-cpp and kernel), and Ubuntu (freerdp2 and libsoup3).
https://lwn.net/Articles/1057993/
XSS via back button
An Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability [CWE-79] in FortiSandbox may allow an unauthenticated attacker to execute commands via crafted requests. FortiSandbox PaaS versions 4.4.8 and 5.0.5 contain the fix for this vulnerability.
https://fortiguard.fortinet.com/psirt/FG-IR-25-093
Serious vulnerabilities uncovered in Google Looker
A small addendum to information that reached me a few days ago. Security researchers at Tenable Research have discovered two serious security vulnerabilities in Google Looker and dubbed them "LookOut". Attackers could hijack entire systems to steal company secrets.
https://borncity.com/blog/2026/02/09/schwerwiegende-schwachstellen-in-google-looker-aufgedeckt/
February 2026 Security Update
Ivanti releases standard security patches on the second Tuesday of every month. Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program.
https://www.ivanti.com/blog/february-2026-security-update
Roundcube 1.7 RC3 released
We just published the third release candidate for the next major version 1.7 of Roundcube webmail. This release fixes two security issues, and contains a few more fixes for several issues.
https://roundcube.net/news/2026/02/09/roundcube-1.7-rc3-released
Attacks on BeyondTrust Remote Support and Privileged Remote Access possible
Two remote-support products from BeyondTrust are vulnerable. Security updates close a critical vulnerability.
https://heise.de/-11171444
SAP Security Patch Day February 2026
SAP has released its February 2026 security patch package containing 27 security notes addressing critical vulnerabilities across enterprise SAP environments. This release includes two HotNews vulnerabilities with CVSS ratings up to 9.9, seven High priority issues, sixteen Medium priority fixes, and two Low priority updates.
https://redrays.io/blog/sap-security-patch-day-february-2026/
Yokogawa FAST/TOOLS
https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-01
AVEVA PI Data Archive
https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-03
ZLAN Information Technology Co. ZLAN5143D
https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-02