Security – Lifeboat News: The Blog

Feb 14
2026

CISA flags critical Microsoft SCCM flaw as exploited in attacks

CISA ordered U.S. government agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October 2024 and now exploited in attacks.

Microsoft Configuration Manager (also known as ConfigMgr and formerly System Center Configuration Manager, or SCCM) is an IT administration tool for managing large groups of Windows servers and workstations.

Tracked as CVE-2024–43468 and reported by offensive security company Synacktiv, this SQL injection vulnerability allows remote attackers with no privileges to gain code execution and run arbitrary commands with the highest level of privileges on the server and/or the underlying Microsoft Configuration Manager site database.

Feb 13
2026

12 Emerging Innovative Technology Areas for Government Prioritization

By Chuck Brooks

#technology #government #security

By Chuck Brooks, president of Brooks Consulting International

The future of innovation in both government and industry will not be distinguished by singular breakthroughs, but rather by the convergence and meshing of a number of different new technologies. Going forward, industries, national security, economic competitiveness, privacy and almost every aspect of everyday life will all be reshaped as a result of this integrated ecosystem, which encompasses artificial intelligence, quantum computing, improved connectivity, space systems and other areas.

Twelve crucial technical domains will help propel the federal government toward this convergent transformation.

Feb 13
2026

Microsoft: New Windows LNK spoofing issues aren’t vulnerabilities

Today, at Wild West Hackin’ Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LK shortcut files that allow attackers to deploy malicious payloads.

Beukema documented four previously unknown techniques for manipulating Windows LNK shortcut files to hide malicious targets from users inspecting file properties.

LNK shortcuts were introduced with Windows 95 and use a complex binary format that allows attackers to create deceptive files that appear legitimate in Windows Explorer’s properties dialog but execute entirely different programs when opened.

Feb 13
2026

Fake AI Chrome extensions with 300K users steal credentials, emails

A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information.

Some of the extensions are still present in the Chrome Web Store and have been installed by tens of thousands of users, while others show a small install count.

Researchers at browser security platform LayerX discovered the malicious extension campaign and named it AiFrame. They found that all analyzed extensions are part of the same malicious effort as they communicate with infrastructure under a single domain, tapnetic[.]pro.

Feb 13
2026

Apple fixes zero-day flaw used in ‘extremely sophisticated’ attacks

Apple has released security updates to fix a zero-day vulnerability that was exploited in an “extremely sophisticated attack” targeting specific individuals.

Tracked as CVE-2026–20700, the flaw is an arbitrary code execution vulnerability in dyld, the Dynamic Link Editor used by Apple operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS.

Apple’s security bulletin warns that an attacker with memory write capability may be able to execute arbitrary code on affected devices.

Feb 13
2026

WordPress plugin with 900k installs vulnerable to critical RCE flaw

A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files without authentication.

The security issue is tracked as CVE-2026–1357 and received a severity score of 9.8. It impacts all versions of the plugin up to 0.9.123 and could lead to a complete website takeover.

Despite the severity of the issue, researchers at WordPress security company Defiant say that only sites with the non-default “receive backup from another site” option enabled are critically impacted.

Feb 12
2026

Physicists Turn Ordinary Glass Into a High-Speed Quantum Security Device

A laser-written glass chip shows how fragile quantum signals can be decoded with high stability and low loss, offering a new path toward practical quantum communication systems.

Feb 12
2026

Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices

Apple releases security updates fixing exploited dyld zero-day CVE-2026–20700 enabling code execution across iOS, macOS, and Apple devices.

Feb 12
2026

Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms

Patch Tuesday delivers fixes for 59 Microsoft flaws, six exploited zero-days, plus critical SAP and Intel TDX vulnerabilities.

Feb 12
2026

Windows 11 Notepad flaw let files execute silently via Markdown links

Microsoft has fixed a “remote code execution” vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tricking users into clicking specially crafted Markdown links, without displaying any Windows security warnings.

With the release of Windows 1.0, Microsoft introduced Notepad, a simple, easy-to-use text editor that, over the years, became popular for quickly jotting notes, reading text files, creating to-do lists, or acting as a code editor.

For those who needed a rich text format (RTF) editor that supported different fonts, sizes, and formatting tools like bold, italics, and lists, you could use Windows Write and later WordPad.