VulnHub

Real-time Cybersecurity News

Week in review: WatchGuard Firebox firewalls attacked, infosec enthusiasts targeted with fake PoCs

Help Net Security
Actively Exploited

Overview

Last week, WatchGuard Firebox firewalls were targeted in a significant cyber attack. These firewalls are widely used in various organizations for network security. Attackers exploited vulnerabilities to gain unauthorized access, which could lead to data breaches or disruptions in network operations. In a related incident, cybersecurity enthusiasts were misled by fake proof-of-concept (PoC) exploits, potentially compromising their research and learning efforts. This situation underscores the ongoing risks that cybersecurity professionals face from both direct attacks and misinformation in the community. Organizations using WatchGuard Firebox devices should ensure their systems are updated and monitor for any suspicious activity.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: WatchGuard Firebox firewalls
  • Action Required: Ensure systems are updated and monitor for suspicious activity.
  • Timeline: Newly disclosed

Original Article Summary

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Building cyber talent through competition, residency, and real-world immersion In this Help Net Security interview, Chrisma Jackson, Director of Cybersecurity & Mission Computing Center and CISO at Sandia National Laboratories, reflects on where the cyber talent pipeline breaks down and what it takes to fix it. She discusses skill gaps, hiring and retention realities, and how cybersecurity careers are evolving … More → The post Week in review: WatchGuard Firebox firewalls attacked, infosec enthusiasts targeted with fake PoCs appeared first on Help Net Security.

Impact

WatchGuard Firebox firewalls

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Ensure systems are updated and monitor for suspicious activity.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Read Original Article

Related Coverage

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 84

Security Affairs

The latest Security Affairs Malware newsletter covers several significant malware threats that have emerged recently. Notably, a group identified as Stan Ghouls is targeting users in Russia and Uzbekistan using the NetSupport Remote Access Trojan (RAT), which allows attackers to control infected systems remotely. Another concerning development is the discovery of ZeroDayRAT, a new spyware designed to infiltrate both Android and iOS devices. Additionally, researchers have uncovered a Linux botnet named SSHStalker, which utilizes old-school IRC methods to compromise new victims. These activities demonstrate the evolving tactics of cybercriminals and emphasize the need for users and organizations to remain vigilant against these persistent threats.

Feb 15, 2026

Week in review: Exploited newly patched BeyondTrust RCE, United Airlines CISO on building resilience

Help Net Security

Last week, a newly patched vulnerability in BeyondTrust's Remote Code Execution (RCE) software was exploited in the wild. This vulnerability poses significant risks as it allows attackers to execute commands on affected systems without authorization. BeyondTrust has issued patches to address this issue, but organizations using the affected software need to act quickly to apply these updates to prevent potential breaches. Additionally, in an interview, Deneen DeFiore, the Chief Information Security Officer at United Airlines, discussed the importance of resilience in cybersecurity. She emphasized that while prevention is crucial, organizations must also prepare for disruptions and manage risks associated with their interconnected vendor and partner ecosystems. This dual focus on resilience and safety is essential for maintaining operational integrity in today's complex digital landscape.

Feb 15, 2026

287 Chrome Extensions Caught Harvesting Browsing Data from 37M Users

Hackread – Cybersecurity News, Data Breaches, AI and More

A recent investigation by Q Continuum has uncovered that 287 Chrome extensions are leaking private browsing data from approximately 37.4 million users to companies like Similarweb and Alibaba. These extensions, often perceived as harmless tools, have been found to convert users' browsing histories into marketable products. The data breach raises significant privacy concerns, particularly for users who may not be aware that their online activities are being monitored and sold. This incident highlights the need for users to be vigilant about the extensions they install and the permissions they grant. As these extensions may not seem malicious at first glance, it serves as a reminder of the potential risks associated with browser add-ons.

Feb 14, 2026

Fintech firm Figure disclosed data breach after employee phishing attack

Security Affairs

Fintech company Figure has confirmed a data breach resulting from a phishing attack that targeted one of its employees. The attackers used social engineering tactics to deceive the employee and gain access to a limited number of files. A spokesperson for Figure stated that while the breach is concerning, the extent of the data compromised is not extensive. This incident raises alarms about the effectiveness of employee training and awareness regarding phishing tactics, which continue to be a significant vulnerability for many organizations. Users and stakeholders of Figure should remain vigilant and monitor for any unusual activity related to their accounts.

Feb 14, 2026

One threat actor responsible for 83% of recent Ivanti RCE attacks

BleepingComputer

Recent threat intelligence reports indicate that a single threat actor is behind the majority of attacks exploiting two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), identified as CVE-2026-21962 and CVE-2026-24061. These vulnerabilities allow for remote code execution, posing significant risks to organizations using this mobile management solution. The findings suggest that companies using Ivanti's software need to be vigilant, as the attacks are actively occurring. The focus on a single actor highlights the need for targeted defenses against this specific threat. Organizations are encouraged to monitor for unusual activity and apply any available patches to mitigate potential exploitation.

Feb 14, 2026

Snail mail letters target Trezor and Ledger users in crypto-theft attacks

BleepingComputer

Attackers are targeting users of cryptocurrency hardware wallets Trezor and Ledger by sending fake physical letters that appear to be from these companies. These letters aim to deceive users into revealing their recovery phrases, which can be used to steal their cryptocurrencies. This tactic exploits the trust users have in these well-known wallet providers and could lead to significant financial losses for those who fall for the scam. It’s crucial for users to be cautious and verify any communications they receive, especially when it comes to sensitive information like recovery phrases. The rise of such scams underscores the need for increased awareness and education around cryptocurrency security.

Feb 14, 2026