CyberSecurity Knuggets

Feb 12, 2026

Email 1:

Subject: Risky Bulletin: Chinese cyber-spies breached all of Singapore’s telcos

Sender: risky-biz@ghost.io

Summary:

Singapore’s Cyber Security Agency (CSA) reports that the Chinese cyber-espionage group UNC3886 breached all four major telecom providers (M1, SIMBA Telecom, Singtel, StarHub) last year. The group used zero-day exploits in firewalls and rootkits for persistence and stole technical data to aid future intrusions; the CSA found no evidence of customer data theft. UNC3886 has a history of exploiting networking gear from Fortinet, Juniper, VMware, and others, and is among the most prolific Chinese espionage groups alongside the Salt Typhoon APT group, which specializes in telco hacks.

Other highlights:

– Hacktivists leaked 536,000 records from Ukrainian stalkerware company Struktura.

– Substack data scrape exposed personal data of 663,000 users.

– Canadian regulators investigate Nova Scotia Power cyberattack that stole data of 280,000 customers.

– Discord launches global age verification requiring ID or video selfie.

– Microsoft announces new Windows 11 security modes including runtime integrity safeguards and user consent prompts.

– Intel releases TDX 1.5 with new features, but a security audit found one major vulnerability.

– US Air Force bans smart glasses due to concerns over secret recording.

– Arrests related to Morele.net hack, JokerOTP phishing kit, and crypto laundering scam.

– Reports on Russian info-op troops identified through their medals, and notable APT group activity.

– Multiple malware campaigns discovered including new ransomware strains and macOS infostealer SHub Stealer.

– Vulnerabilities patched broadly during February Patch Tuesday, including 6 actively exploited zero-days in Microsoft products.

Links: risky.biz/RBNEWS524/, risky.biz/RBNEWSSI114/, risky.biz/RBNEWSS198/


Email 2:

Subject: CISA warns US infrastructure owners following Russian attack on Poland’s power grids

Sender: info@metacurity.com

Summary:

Following a December Russian cyberattack on Poland’s power grid, CISA issued a warning to U.S. critical infrastructure owners about risks to operational technology (OT) and industrial control systems (ICS), commonly found in energy and manufacturing sectors. The attack exploited vulnerable internet-facing edge devices, deploying wiper malware that damaged RTUs, HMIs, and firmware, causing loss of system visibility and control.

Additional news:

– Russia throttles Telegram, accusing it of failing to protect data and combat crime, pushing Russians towards the government-controlled messaging app MAX.

– North Korean hackers UNC1069 used social engineering involving compromised Telegram accounts, fake Zoom meetings with AI-generated deepfake videos, and ClickFix malware infections to target cryptocurrency companies.

– Israel foiled hundreds of Iranian cyberattacks targeting government officials and citizens with personalized phishing that stole login credentials and multi-factor codes.

– Microsoft February Patch Tuesday included fixes for six actively exploited zero-days affecting Windows Shell, MSHTML, Word, Remote Desktop Services, Desktop Window Manager, and VPN Connection Manager.

– Microsoft begins rolling out updated Secure Boot certificates to replace those expiring in June 2026.

– Privacy concerns arise over Ring’s AI-powered surveillance service “Search Party” during Super Bowl, highlighting dystopian surveillance realities.

– Newly discovered Linux botnet SSHStalker uses IRC protocol and exploits old Linux kernel vulnerabilities.

– ICE denies building a protester database despite claims, amid ongoing scrutiny over facial recognition and data collection practices.

– LastPass CEO discusses security improvements and overhauls since 2022 breach, including hardware authentication and tighter employee security policies.

– AI cybersecurity startup Vega raised $120 million in Series B funding.


Email 3:

Subject: Microsoft addresses six actively exploited zero-days and other Patch Tuesday notes | The CyberWire 2.11.26

Sender: editor@newsletter.n2k.com

Summary:

Microsoft patched 58 vulnerabilities, including six actively exploited zero-days affecting Windows Shell, MSHTML, Word, Remote Desktop Services, Desktop Window Manager, and Windows Remote Access Connection Manager.

Other significant updates:

– Adobe patched multiple apps including Audition, After Effects, InDesign, and more.

– Intel and AMD fixed over 80 vulnerabilities including critical flaws in Intel’s Trust Domain Extensions (TDX).

– Industrial vendors like Siemens, Schneider Electric, Aveva, and Phoenix Contact released security patches.

– Bitdefender reports a surge in LummaStealer malware activity delivered via the CastleLoader loader, with evidence of close coordination between the two malware families.

– Mandiant reveals North Korean hacker group UNC1069 targets crypto and DeFi sectors using social engineering, seven malware families, AI-generated deepfake Zoom meetings, and ClickFix infections.

– Sophos acquired London cybersecurity assurance provider Arco Cyber to enhance advisory and managed detection services.

– RSAC 2026 conference announced for March in San Francisco.


Email 4:

Subject: Severe TDX Vulnerability Allows Full Compromises

Sender: news@securityweek.com

Summary:

Google’s security audit revealed a severe vulnerability in Intel’s Trust Domain Extensions (TDX) that could allow full compromise of TDX execution environments. Intel and AMD have patched over 80 vulnerabilities across their product lines. Microsoft is updating Windows Secure Boot certificates set to expire June 2026.

Additional topics:

– SecurityWeek publishes expert insights on cyber defense, including AI-driven attacker tradecraft and the dangers of mistaking automation for true security.

– Linux botnet SSHStalker exploits old vulnerabilities and uses IRC-based command-and-control (C2) for simple but robust operations.

– Multiple patches released in critical infrastructure industrial control software from Siemens, Schneider, Aveva, and others.

– Zast.AI raises $6 million for AI-powered code security.

– Reports on new mobile spyware “ZeroDayRAT” targeting Android and iOS.

– Notable breaches and exposures include the Conduent breach affecting Volvo employees, and vulnerabilities in Ivanti and Fortinet products.

– Upcoming Supply Chain Security Summit announced for March 18, 2026.


These summaries reflect the main cybersecurity news and updates included in the four provided emails dated February 10-11, 2026.

Stay Well!
