End-of-Day report
Timeframe: Thursday 19-02-2026 18:00 - Friday 20-02-2026 18:00
Handler: Guenes Holler
Co-Handler: n/a
News
ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT RAT
Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT (aka AstarionRAT).
https://thehackernews.com/2026/02/clickfix-campaign-abuses-compromised.html
PromptSpy ushers in the GenAI era of Android threats
ESET researchers discover PromptSpy, the first known Android malware that uses generative AI in its execution flow.
https://www.welivesecurity.com/de/eset-research/promptspy-lautet-mit-genai-die-ara-der-android-bedrohungen-ein/
Windows Notepad: details on the Markdown security vulnerability
The Patch Tuesday updates close a vulnerability in Windows Notepad that allows the injection of malicious code. Details on the flaw are now available.
https://heise.de/-11183516
Crims create fake remote management vendor that actually sells a RAT
Researchers at Proofpoint late last month uncovered what they describe as a "weird twist" on the growing trend of criminals abusing remote monitoring and management software (RMM) as their preferred attack tools.
https://go.theregister.com/feed/www.theregister.com/2026/02/19/rmm_rat_trustconnect/
VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)
On Feb. 6, 2026, BeyondTrust released a security advisory regarding CVE-2026-1731. BeyondTrust is an identity and access management platform. This specific vulnerability involves a pre-authentication remote code execution (RCE) issue within BeyondTrust remote support software. It could allow attackers to execute operating system commands in the context of the site user, which may lead to system compromise, including unauthorized access, data exfiltration and service disruption.
https://unit42.paloaltonetworks.com/beyondtrust-cve-2026-1731/
Vulnerabilities
Atlassian security updates: Bamboo and Confluence are vulnerable
To prevent attackers from exploiting multiple security vulnerabilities in Atlassian Bamboo Data Center and Server, Confluence Data Center and Server, and Crowd Data Center and Server, admins should install the now-available patches promptly.
https://heise.de/-11183534
Numerous kernel vulnerabilities closed in Dell PowerProtect Data Manager
Dell's backup solution PowerProtect Data Manager is vulnerable to, among other things, malicious code attacks. Security patches are available for download.
https://heise.de/-11184164
LWN Security updates for Friday
https://lwn.net/Articles/1059638/