(Credit: Rafael Henrique – stock.adobe.com)

(Credit: Rafael Henrique – stock.adobe.com)

Attacks on 2 critical Ivanti EPMM bugs surge worldwide

Steve ZurierFebruary 19, 2026

Experts warn teams to check their logs, as dormant backdoors are designed to survive patching.

RESOURCES

Threat Hunting
Defusing the danger of North Korean IT workers
MDR
How to transform your SOC through XDR and MDR
Government security
Trust and data integrity: Cornerstones of AI for the public sector
Critical Infrastructure Security
From perimeter to protocol: Reducing telecom attack surface with privacy-first mobile technology
Application security
Scaling SaaS security to manage agentic AI

PODCASTS

Private equity
Security Money: The Index and NASDAQ Diverge – BSW #435
Vulnerability Management
Meatbags, AI Soul Harvest, DNS, LastPass, GS7, OpenClaw, MYSQL, Aaran Leyland, & More – SWN #556
Application security
Conducting Secure Code Analysis with LLMs – ASW #370
Endpoint/Device Security
Hardware-level zero trust, don’t trust AI with your employees, and the news – Matias Katz, J Wolfgang Goerlich – ESW #446
Vulnerability Management
Cams, Gelbwurst, Chrome, SCCM, CVES, SSHStalker, RAM, TikTok, Josh Marpet… – SWN #555

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

(Credit: MakZin – stock.adobe.com)

Vulnerability Management

Critical flaw in Grandstream GXP1600 VoIP phones could lead to call eavesdropping

Laura FrenchFebruary 19, 2026

The flaw is a stack buffer overflow that could lead to unauthenticated RCE with root privileges.

China Bans Cyber Attacks: Examining Internet Security with Chinese Flag and Binary Data Through a Magnifying Glass Concept

China-linked UNC6201 exploits 10.0 bug in Dell RecoverPoint for VMs since mid-2024

Steve ZurierFebruary 18, 2026

Google Mandiant warns to patch immediately because exploitation can weaken a team's ability to recover from a ransomware attack.

(Credit: Rokas – stock.adobe.com)

Infostealer exfiltrates sensitive OpenClaw files

Laura FrenchFebruary 18, 2026

The stolen files included cryptographic keys and the AI agent’s context and memories.

(Adobe Stock)

Unit 42: Identity abuse drives nearly two-thirds of all breaches

Steve ZurierFebruary 17, 2026

Speed is also a factor, as the time from data access to exfiltration has dropped to 72 minutes.

(Credit: photo_gonzo – stock.adobe.com)

Security Operations

CISA adds SolarWinds, Microsoft, Apple, Notepad++ vulnerabilities to KEV catalog

Laura FrenchFebruary 13, 2026

The Microsoft Configuration Manager vulnerability, patched in 2024, could enable RCE.

patch presented in the form of binary code

Actively exploited BeyondTrust RCE bug exposes identity infrastructure

Steve ZurierFebruary 13, 2026

Exploited BeyondTrust RCE (CVE-2026-1731) shows patch gaps in privileged access tools.

(Credit: Rafael Henrique – stock.adobe.com)

Vulnerability Management

Unstructured.io flaw enables path traversal by email attachment

Laura FrenchFebruary 13, 2026

A malicious attachment could cause files to be written to sensitive locations, leading to RCE.

Close up shot of Apple iPhone, Apple announces iOS 26 during its WWDC 2025.

Application security

Apple fixes zero-day that exploited OS bug in open-source code

Steve ZurierFebruary 12, 2026

Apple patches exploited zero-day in open-source component across iOS, macOS, watchOS.

EVENTS