%term

Notepad++ Supply Chain Attack Explained | CrowdStrike OverWatch Identified It Months Early

Feb 20, 2026 By CrowdStrike In CrowdStrike

Your next software update could be weaponized. In this short breakdown, we examine how adversaries compromised the Notepad++ update mechanism to distribute malware and how CrowdStrike identified the activity four months before public disclosure.

View Video

CrowdStrike

Read more about Notepad++ Supply Chain Attack Explained | CrowdStrike OverWatch Identified It Months Early

How to check the impact of third-party CVEs on your Elastic deployment

Feb 20, 2026 By Arsalan Khan In Elastic

The Elastic Support Hub now provides instant self-service lookup for CVE impact statements.

Read Post

Elastic

Read more about How to check the impact of third-party CVEs on your Elastic deployment

Is AI Making Us Mentally Lazy? The Hidden Security Risk of Cognitive Offloading

Feb 20, 2026 By SecuritySenses In SecuritySenses

Modern aviation offers a powerful warning about overreliance on automation. When autopilot systems became highly advanced, pilots transitioned from hands-on flying to supervising computer-driven controls. Efficiency improved-but skill degradation followed. In rare moments when automation failed, even seasoned pilots sometimes struggled with basic manual maneuvers.

Read Post

SecuritySenses

Read more about Is AI Making Us Mentally Lazy? The Hidden Security Risk of Cognitive Offloading

Disclosure: XWiki CSS Injection (CVE-2026-26000)

Feb 19, 2026 By Tom Keech In Sentrium

During independent security research, a CSS injection vulnerability (CVE-2026-26000) was identified in the XWiki platform. XWiki is an open-source enterprise wiki and collaboration platform commonly used for internal documentation and knowledge management. According to XWiki, the platform has over 8,000 active installations and is used by organisations such as Lenovo and Amazon, meaning vulnerabilities can affect a large and diverse user base.

Read Post

Sentrium

Read more about Disclosure: XWiki CSS Injection (CVE-2026-26000)

EventLog-in: Propagating With Weak Credentials Using the Eventlog Service in Microsoft Windows (CVE-2025-29969)

Feb 19, 2026 By SafeBreach In SafeBreach

While attackers often find low-privileged credentials after creating a process dump of LSASS or harvesting hashes with a tool like Responder, they are rarely able to do anything with those credentials (RDP aside). We set out to discover how malicious actors might exploit Microsoft Windows remote procedure call (RPC) protocols to gather data remotely as a low-privileged user using RPC as an attack surface.

Read Post

SafeBreach

Read more about EventLog-in: Propagating With Weak Credentials Using the Eventlog Service in Microsoft Windows (CVE-2025-29969)

Hiding in Plain Pixels: Malicious NPM Package Found

Feb 19, 2026 By Veracode Threat Research In Veracode

A Malicious NPM Package Hides Pulsar .NET Malware Inside PNG Images.

Read Post

Veracode

Read more about Hiding in Plain Pixels: Malicious NPM Package Found

Vulnerability Remediation: From Scan Results to Real Fixes

Feb 19, 2026 By Indusface In Indusface

Vulnerability scanning is useless if you don’t fix what you find. This short breaks down a practical vulnerability remediation process to prioritize risk, patch faster, and reduce real-world exposure. Learn how security teams move from detection to closure, without months of backlog.

View Video

Indusface

Read more about Vulnerability Remediation: From Scan Results to Real Fixes

How "Clinejection" Turned an AI Bot into a Supply Chain Attack

Feb 19, 2026 By Stephen Thoemmes In Snyk

On February 9, 2026, security researcher Adnan Khan publicly disclosed a vulnerability chain (dubbed "Clinejection") in the Cline repository that turned the popular AI coding tool's own issue triage bot into a supply chain attack vector. Eight days later, an unknown actor exploited the same flaw to publish an unauthorized version of the Cline CLI to npm, installing the OpenClaw AI agent on every developer machine that updated during an eight-hour window.

Read Post

Snyk

Read more about How "Clinejection" Turned an AI Bot into a Supply Chain Attack

Why Patching Cadence Should Be a Risk Priority in 2026

Feb 19, 2026 By Emma Stevens In BitSight

Patching cadence is a critical component of maintaining an organization’s cybersecurity posture. It refers not just to whether patches are applied, but how quickly and consistently vulnerabilities are addressed across systems and software. A regular, timely patching process reduces the window of exposure to known vulnerabilities, limiting opportunities for exploitation and strengthening overall vulnerability management.

Read Post

BitSight

Read more about Why Patching Cadence Should Be a Risk Priority in 2026

Remediate transitive vulnerabilities faster with Datadog Software Composition Analysis

Feb 18, 2026 By Gorka Vicente In Datadog

Security teams are responsible for finding and remediating vulnerable dependencies within applications that are built from large ecosystems of frameworks, SDKs, and utilities. What makes this task especially challenging is that these dependencies can pull in dozens or even hundreds of transitive dependencies through complex dependency chains. Even when scanners identify what’s vulnerable, teams still often lack the information they need about the dependency chain to safely address the issue.

Read Post