[https://isc.sans.edu/diary/rss] edu/diary/Malicious+Script+Delivering+More+Maliciousness/32682 Xavier Mertens (@xme) Xameco Senior ISC Handler - Freelance Cyber Security Consultant PGP Key Keywords: Campaign Malware Payload Picture Tracking 0 comment(s) ISC Stormcast For Wednesday, February 18th, 2026 https://isc
[https://isc.sans.edu/diary/rss] I created a YARA rule to track them, just curious
[https://isc.sans.edu/diary/rss] It's the same picture: The technique is also exactly the same, the next stage is Base64-encoded and delimited by the same tags: The extracted payload is a
[https://isc.sans.edu/diary/rss] hta The interesting code is here and you can easily spot the powershell string, no need to use AI for this :-) The Powershell payload will fetch another file: hxxps://172[
[https://isc.sans.edu/diary/rss] The exploit triggers the download of an HTA payload that executes a PowerShell payload and finally a DLL: When I investigated the different payload, there was pretty simple to deobfuscated, the interesting code was polluted with Unicode characters
[https://isc.sans.edu/diary/rss] The file in itself is not interesting, it contains a good old Equation Editor exploit ( CVE-2017-11882 )
[https://isc.sans.edu/diary/rss] In the malware infection chain, there was a JPEG picture that embedded the last payload delimited with BaseStart- and -BaseEnd tags
[https://isc.sans.edu/diary/rss] Internet Storm Center Diary 2026-02-18 - SANS ISC --> Internet Storm Center Sign In Sign Up Handler on Duty: Xavier Mertens Threat Level: green Tracking Malware Campaigns With Reused Material Published : 2026-02-18
[https://thehackernews.com/feeds/posts/default] CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update
[https://thehackernews.com/feeds/posts/default] Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware
[https://www.zdnet.com/topic/security/] 5 days ago by Adrian Kingsley-Hughes in Security My 5 favorit
[https://www.zdnet.com/topic/security/] 2 days ago by Jack Wallen in Security How to clear your Google Search cache on Android (and why it s a must for me) If you care about privacy, here s how to manually clear your search data - and set it to automatic 4 days ago by Jack Wallen in Smartphones The best smart TV VPNs of 2026: Expert tested and reviewed I speed-tested the best VPNs for your smart TV for secure streaming and improved privacy
[https://www.zdnet.com/topic/security/] 18 hours ago by Elyse Betters Picaro in TVs How to turn on Private DNS mode on your iPhone - and why you should do it ASAP Unencrypted DNS can expose your browsing activity, but private DNS helps keep it private on iPhone
[https://www.zdnet.com/topic/security/] I would change these 16 settings ASAP - here s why 18 hours ago How to turn on Private DNS mode on your iPhone - and why you should do it ASAP 1 day ago The best hosted endpoint security software of 2026: Expert tested 1 day ago Your home Wi-Fi isn t nearly as private as it should be - 6 free ways to lock it down 2 days ago More ChatGPT s new Lockdown Mode can stop prompt injection - here s how it works OpenAI will now also display an Elevated Risk label when you access certain features that could be risky
[https://www.zdnet.com/topic/security/] A PC expert s bottom line I thought a privacy screen protector was a smart idea - until I put one on my Galaxy S25 Ultra Ubuntu s new opt-in, open-source telemetry is a win-win for Linux users - here s why I tested a $5 phone fix dongle that made bold promises - here s the truth I travel with an iPad that acts like a touchscreen MacBook - here s my setup Latest ChatGPT s new Lockdown Mode can stop prompt injection - here s how it works 6 hours ago Own a TCL TV
[https://linuxsecurity.com] Join the Linux Security community and write real news articles about Linux that matters the most
[https://linuxsecurity.com] Parsers that used to be a pile of Contribute to LinuxSecurity Don’t sit on the sidelines of history
[https://linuxsecurity.com] Meanwhile, the New Rust Tool Traur Analyzes Arch Linux AUR Packages for Hidden Risks 9 - 18 min read Feb 16, 2026 Most of us have pulled something from the AUR because it was faster than packaging it ourselves
[https://linuxsecurity.com] That’s where the alerts are
[https://linuxsecurity.com] Security isn’t just some checkbox for News Router Security After DKnife: Rethinking Trust at the Network Edge 7 - 14 min read Feb 17, 2026 We spend most of our time chasing endpoint infections and identity abuse
[https://linuxsecurity.com] Feb 17, 2026 Fedora 43 mingw-libsoup Crucial Out-of-Bounds Read and Code Execution Patch Backport fixes for CVE-2026-0716, CVE-2026-0719
[https://linuxsecurity.com] Feb 17, 2026 Fedora 43 mingw-python3 Essential Security Patch 2026-b7d0a9aefc Backport fixes for CVE-2025-11468, CVE-2026-0672, CVE-2026-0865, CVE-2025-1
[https://linuxsecurity.com] Feb 17, 2026 Fedora 43 VIM Major Security Update CVE-2026-25749 Code Execution Risk patchlevel 2146 Security fix for CVE-2026-25749
[https://linuxsecurity.com] Feb 17, 2026 Fedora 43 python-pillow Significant Out-of-Bounds Resolution CVE-2026-25990 Backport fix for CVE-2026-25990
[https://www.eff.org/rss/updates.xml] And politicians who can't tell the difference between a security tool and a loophole shouldn't be writing laws about the internet
[https://www.eff.org/rss/updates.xml] org/deeplinks/2025/11/lawmakers-want-ban-vpns-and-they-have-no-idea-what-theyre-doing span As we said last time /span /a span : Our privacy matters
[https://www.eff.org/rss/updates.xml] Tell them protecting young people online should not mean undermining cybersecurity, chilling lawful speech, and forcing residents to hand over their IDs just to browse the internet
[https://www.eff.org/rss/updates.xml] That combination—mass data collection plus vague, expansive speech restrictions—is a recipe for over-censorship, data breaches, and constitutional overreach
[https://www.eff.org/rss/updates.xml] org/pages/age-verification-systems-are-surveillance-systems#main-content span collect sensitive personal data /span /a span (e
[https://www.eff.org/rss/updates.xml] /span /p p span The bill also creates a privacy nightmare