End-of-Day report
Timeframe: Wednesday 18-02-2026 18:00 - Thursday 19-02-2026 18:00
Handler: Guenes Holler
Co-Handler: Felician Fuchs
News
Lawful access to encrypted data: General Considerations
Last week, I wrote a blog post on why the problem of lawful access to encrypted data is so tricky. This week I want to continue with a discussion on the general considerations you should keep in mind when thinking about this topic. Important note: I think LE is well aware of these considerations and agrees with most of my conclusions.
https://www.cert.at/en/blog/2026/2/lawful-access-to-encrypted-data-general-considerations
Hackers target Microsoft Entra accounts in device code vishing attacks
Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device Authorization flow and compromise Microsoft Entra accounts.
https://www.bleepingcomputer.com/news/security/hackers-target-microsoft-entra-accounts-in-device-code-vishing-attacks/
How infostealers turn stolen credentials into real identities
Infostealer dumps increasingly tie stolen credentials to real identities, linking usernames, cookies, and behavior across personal and enterprise accounts. Specops explains how analyzing 90,000 dumps shows reuse fuels enterprise risk and how continuous AD scanning disrupts that cycle.
https://www.bleepingcomputer.com/news/security/how-infostealers-turn-stolen-credentials-into-real-identities/
Arkanix Stealer: a C++ & Python infostealer
Kaspersky researchers analyze a C++ and Python stealer dubbed "Arkanix Stealer", which was active for several months, targeted a wide range of data, was distributed as MaaS and offered a referral program to its partners.
https://securelist.com/arkanix-stealer/119006/
France: Attackers accessed data on 1.2 million bank accounts
In France, attackers gained access to a national database and read out data on 1.2 million bank accounts.
https://www.heise.de/news/Frankreich-Angreifer-griffen-auf-Daten-von-1-2-Millionen-Bankkonten-zu-11182323.html
The clock is ticking: Deadline for NIS2 registration with the BSI expires on 6 March 2026
TÜV SÜD warns that the registration deadline at the BSI for companies subject to NIS2 ends in two weeks. Around 29,000 German companies are affected.
https://www.heise.de/news/Die-Uhr-tickt-Frist-zur-NIS2-Registrierung-beim-BSI-laeuft-am-6-Maerz-2026-ab-11182499.html
Scam: Fake "Gemini" chatbots sell fake "Google Coin"
A new scam relies on customized AI chatbots. These push victims into buying worthless cryptocurrencies.
https://www.heise.de/news/Betrugsmasche-Falsche-Gemini-Chatbots-verkaufen-falschen-Google-Coin-11182685.html
Kubernetes project issues warning on Ingress NGINX retirement
The Kubernetes project is urging organizations to migrate away from Ingress NGINX before its retirement in March 2026, with new high-severity CVEs underscoring the urgency.
https://securitylabs.datadoghq.com/articles/kubernetes-ingress-nginx-retirement-warning/
Cline CLI npm Package Compromised via Suspected Cache Poisoning Attack
On February 17, 2026, an unauthorized party used a compromised npm publish token to push cline@2.3.0 to the npm registry. Cline is a popular AI coding agent CLI in the developer ecosystem, with around 90,000 weekly downloads from npm. The malicious version contained a modified package.json with an added postinstall script: npm install -g openclaw@latest.
https://socket.dev/blog/cline-cli-npm-package-compromised-via-suspected-cache-poisoning-attack
Vulnerabilities
Critical infra Honeywell CCTVs vulnerable to auth bypass flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a critical vulnerability in multiple Honeywell CCTV products that allows unauthorized access to feeds or account hijacking.
https://www.bleepingcomputer.com/news/security/critical-infra-honeywell-cctvs-vulnerable-to-auth-bypass-flaw/
Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution
Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices. The vulnerability, tracked as CVE-2026-2329, carries a CVSS score of 9.3 out of a maximum of 10.0.
https://thehackernews.com/2026/02/grandstream-gxp1600-voip-phones-exposed.html
Nvidia AI tools Megatron Bridge and NeMo Framework as a gateway for attackers
Nvidia's developers have closed, among other things, malicious-code loopholes in Megatron Bridge and NeMo Framework.
https://www.heise.de/news/Nvidia-KI-Tools-Megatron-Bridge-und-NeMo-Framework-als-Einfallstor-fuer-Angreifer-11182013.html
Mozilla Firefox Issues Emergency Patch for Heap Buffer Overflow in Firefox v147
Mozilla has released an out-of-band security update to address a critical vulnerability affecting its browser. The update, issued as Firefox v147.0.4, resolves a high-impact heap buffer overflow flaw in the libvpx video codec library. The issue is tracked under CVE-2026-2447 and was identified by security researcher jayjayjazz.
https://thecyberexpress.com/firefox-v147-cve-2026-2447/
LWN Security updates for Thursday
https://lwn.net/Articles/1059500/