End-of-Day report
Timeframe: Tuesday 10-02-2026 18:00 - Wednesday 11-02-2026 18:00
Handler: Guenes Holler
Co-Handler: Felician Fuchs
News
New Linux botnet SSHStalker uses old-school IRC for C2 comms
A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operations.
https://www.bleepingcomputer.com/news/security/new-linux-botnet-sshstalker-uses-old-school-irc-for-c2-comms/
In Bypassing MFA, ZeroDayRAT Is Textbook Stalkerware
With access to SIM, location data, and a preview of recent SMSes, attackers have everything they need for account takeover or targeted social engineering.
https://www.darkreading.com/threat-intelligence/zerodayrat-brings-commercial-spyware-to-mass-market
DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies
The information technology (IT) workers associated with the Democratic People's Republic of Korea (DPRK) are now applying to remote positions using real LinkedIn accounts of individuals they're impersonating, marking a new escalation of the fraudulent scheme.
https://thehackernews.com/2026/02/dprk-operatives-impersonate.html
Kimwolf Botnet Swamps Anonymity Network I2P
For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet's control servers.
https://krebsonsecurity.com/2026/02/kimwolf-botnet-swamps-anonymity-network-i2p/
Shelly IoT door controller config fail: leaving your garage, home and security exposed
I love my Shelly devices. They are an essential part of my smart home setup. I use them for everything from lights and plugs to garage doors and garden sprinkler control! One of the first Shelly devices I installed about five years ago recently stopped working, so I replaced it with one of their new fourth-generation Shelly 1 devices. That's when I noticed an issue I hadn't seen in previous generations.
https://www.pentestpartners.com/security-blog/shelly-iot-door-controller-config-fail-leaving-your-garage-home-and-security-exposed/
Recovery Scam: How fraud victims are harmed a second time
Many victims would like to get back money lost to online fraud, and criminals try to exploit exactly that wish. With the so-called "recovery scam", they take additional money out of the pockets of people who have already been defrauded. The example case involves supposedly recovered crypto assets and advance payments allegedly needed for the refund transfer. The bait: the website betrugsrecht(.)de.
https://www.watchlist-internet.at/news/recovery-scam-erneut-geschaedigt/
A Peek Into Muddled Libra's Operational Playbook
Explore the tools Unit 42 found on a Muddled Libra rogue host. Learn how they target domain controllers and use search engines to aid their attacks.
https://unit42.paloaltonetworks.com/muddled-libra-ops-playbook/
Cybersecurity at Home: Private Households as an Underestimated Attack Surface
Smartphones, smart home systems, cloud services and networked household appliances have long been a fixed part of everyday life. But while companies and public authorities can rely on established standards, defined processes and available expertise, IT security in the private sphere mostly remains unregulated: insufficient know-how, shared passwords and insecure configuration of jointly used devices considerably increase the digital risk in many families and shared households.
https://certitude.consulting/blog/de/cybersicherheit-zuhause-privathaushalte-als-unterschatzte-angriffsflache/
Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure
This joint Cybersecurity Advisory is being published as an addition to the Cybersecurity and Infrastructure Security Agency (CISA) May 6, 2025, joint fact sheet Primary Mitigations to Reduce Cyber Threats to Operational Technology and European Cybercrime Centre's (EC3) Operation Eastwood, in which CISA, Federal Bureau of Investigation (FBI), Department of Energy (DOE), Environmental Protection Agency (EPA), and EC3 shared information about cyber incidents affecting the operational technology (OT) and industrial control systems (ICS) of critical infrastructure entities in the United States and globally.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-343a
Love Is in the Air - and So Are Scammers: Valentine's Day 2026 Threats to Watch For
As Valentine's Day 2026 approaches, people are turning to online shopping, digital dating, and last-minute gift ideas. Unfortunately, cyber criminals are doing the same. Check Point researchers have identified a sharp rise in Valentine-themed phishing websites, fraudulent stores, and fake dating platforms designed to steal personal data and payment information.
https://blog.checkpoint.com/research/love-is-in-the-air-and-so-are-scammers-valentines-day-2026-threats-to-watch-for/
Active Ivanti Exploitation Traced to Single Bulletproof IP; Published IOC Lists Point Elsewhere
The GreyNoise Global Observation Grid observed active exploitation of two critical Ivanti Endpoint Manager Mobile vulnerabilities, and 83% of that exploitation traces to a single IP address on bulletproof hosting infrastructure that does not appear on widely circulated IOC lists.
https://www.greynoise.io/blog/active-ivanti-exploitation
Hope Is Not a Security Strategy: Why Secure-by-Default Beats Hardening
Security has always assumed deterministic behavior. We can't write policy to prevent bad outcomes when we don't even know what the agent will do. Sandboxing is the natural answer: everyone is buying Mac Minis to run Moltbot (OpenClaw now), Docker is using microVMs for coding agent sandboxes, and countless projects offer sandboxing tools for AI agents.
https://tuananh.net/2026/02/09/hope-is-not-a-security-strategy/
Vulnerabilities
Security vulnerabilities: attacks on Windows, Office and Internet Explorer
In terms of the number of vulnerabilities closed on Microsoft's Patch Tuesday, February is again somewhat milder than January. However, six of them are already being actively exploited. Affected are not only Windows systems but also Microsoft Office and the Internet Explorer that was thought to be dead. Users should patch promptly to protect themselves.
https://www.golem.de/news/microsoft-patchday-zero-day-luecken-in-windows-office-und-im-internet-explorer-2602-205258.html
Adobe Patch Day: After Effects & Co. vulnerable to malicious code attacks
Security patches close several vulnerabilities in Adobe applications. So far there are no reports of attacks.
https://www.heise.de/news/Patchday-bei-Adobe-After-Effects-Co-fuer-Schadcode-Attacken-anfaellig-11172390.html
800,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in WPvivid Backup WordPress Plugin
On January 12th, 2026, we received a submission for an Arbitrary File Upload vulnerability in WPvivid Backup, a WordPress plugin with more than 800,000 active installations. This vulnerability can be used by unauthenticated attackers to upload arbitrary files to a vulnerable site and achieve remote code execution, which is typically leveraged for a complete site takeover.
https://www.wordfence.com/blog/2026/02/800000-wordpress-sites-affected-by-arbitrary-file-upload-vulnerability-in-wpvivid-backup-wordpress-plugin/
TP-Link Systems Inc. VIGI Series IP Camera
Successful exploitation of this vulnerability could result in unauthorized users gaining administrative access to affected closed circuit television cameras.
https://www.cisa.gov/news-events/ics-advisories/icsa-26-036-01
LWN Security updates for Wednesday
https://lwn.net/Articles/1058265/