Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively exploited.
Get the latest international news and world events from around the world.
Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server
The fact that the attackers are pursuing the former method is an indication that it likely allows the malicious activity to blend in with typical administrative workflows, helping them avoid detection.
“By abusing legitimate features (password resets and drive mounting) instead of relying solely on a single ‘noisy’ exploit primitive, operators may reduce the effectiveness of detections tuned specifically for known RCE patterns,” Feminella added. “This pace of weaponization is consistent with ransomware operators rapidly analyzing vendor fixes and developing working tradecraft shortly after release.”
When reached for comment about the Warlock ransomware activity targeting SmarterTools, ReliaQuest told The Hacker News that it observed the attackers exploiting CVE-2026–23760 on unpatched systems running versions prior to Build 9,511 shortly after the patch was released.
ZeroDayRAT malware grants full access to Android, iOS devices
A new commercial mobile spyware platform dubbed ZeroDayRAT is being advertised to cybercriminals on Telegram as a tool that provides full remote control over compromised Android and iOS devices.
The malware provides buyers with a full-featured panel for managing infected devices, reportedly supporting Android 5 through 16 and iOS up to version 26 latest.
Researchers at mobile threat hunting company iVerify say that ZeroDayRAT not just steals data but also enables real-time surveillance and financial theft.
Microsoft releases Windows 11 26H1 for select and upcoming CPUs
Microsoft has announced Windows 11 26H1, but it’s not for existing PCs. Instead, it will ship on devices with Snapdragon X2 processors and possibly other rumored ARM chips.
Microsoft insists Windows 11 is still following an annual update cadence, which means Windows 11 26H2 is likely on track.
According to Microsoft, Windows 11 26H1 is based on a new platform release to support the upcoming ARM chips.
Microsoft releases Windows 10 KB5075912 extended security update
Microsoft has released the Windows 10 KB5075912 extended security update to fix February 2026 Patch Tuesday vulnerabilities, including six zero-days, and continue rolling out replacements for expiring Secure Boot certificates.
If you are running Windows 10 Enterprise LTSC or are enrolled in the ESU program, you can install this update like normal by going into Settings, clicking on Windows Update, and manually performing a ’Check for Updates.’
After installing this update, Windows 10 will be updated to build 19045.6937, and Windows 10 Enterprise LTSC 2021 will be updated to build 19044.6937.
Microsoft 365 outage takes down admin center in North America
Microsoft is investigating an outage that blocks some administrators with business or enterprise subscriptions from accessing the Microsoft 365 admin center.
While the company has yet to disclose which regions are affected by this ongoing service degradation, it is tracking it on its official service health status page to provide impacted organizations with up-to-date information.
“Some users in the North America region may be unable to access the Microsoft 365 admin center. We’re reviewing service monitoring telemetry to isolate the root cause and develop a remediation plan,” Microsoft said when it acknowledged the issue.
New Linux botnet SSHStalker uses old-school IRC for C2 comms
A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operations.
The protocol was invented in 1988, and its adoption peaked during the 1990s, becoming the main text-based instant messaging solution for group and private communication.
Technical communities still appreciate it for its implementation simplicity, interoperability, low bandwidth requirements, and no need for a GUI.
Malicious 7-Zip site distributes installer laced with proxy tool
A fake 7-Zip website is distributing a trojanized installer of the popular archiving tool that turns the user’s computer into a residential proxy node.
Residential proxy networks use home user devices to route traffic with the goal of evading blocks and performing various malicious activities such as credential stuffing, phishing, and malware distribution.
The new campaign became better known after a user reported that they downloaded a malicious installer from a website impersonating the 7-Zip project while following instructions in a YouTube tutorial on building a PC system. BleepingComputer can confirm that the malicious website, 7zip[.]com, is still live.
