Welcome to the February 10th edition of ONSEC Cyber Daily, where we unravel the tangled web of today's most pressing cybersecurity threats. As Valentine's Day approaches, love isn't the only thing in the air—AI-driven romance scams are on the rise, leaving online daters vulnerable to heartbreak and financial loss. Meanwhile, Irish households face a new wave of cyberattacks targeting unregulated streaming devices, underscoring the need for vigilance in our digital lives. Across the globe, a massive cyber espionage campaign has put 37 nations, including India, on high alert, revealing the shadowy underbelly of international cyber warfare. As if that weren't enough, critical vulnerabilities in popular software like Ivanti and BeyondTrust demand immediate attention to prevent exploitation. Join us as we dive into these stories and more, equipping you with the knowledge to navigate the ever-evolving cybersecurity landscape. Stay informed, stay secure.

Exploits Alert

1. AI Romance Scams: Valentine's Day Vulnerability Alert: Norton has discovered that two in five online daters have been targeted by AI-driven romance scams, highlighting a significant vulnerability around Valentine's Day. The scams exploit emotional connections to extract personal information and financial assets from unsuspecting victims. Source: Mirage News
2. Millions of Irish Homes Warned Over New TV Streaming & Android Telly Cyberattack: An urgent warning has been issued to Irish households about large-scale cyberattacks targeting unregulated streaming devices. These attacks could compromise personal data and privacy, urging users to secure their devices immediately. Source: The Sun
3. Warning Issued to Irish 'Dodgy Box' Owners Following Large-Scale Cyber Attacks: Irish residents using unregulated streaming devices, known as "dodgy boxes," are at risk of cyberattacks. These devices are increasingly vulnerable, prompting authorities to advise users to enhance their cybersecurity measures. Source: Independent.ie
4. CERT Issues Urgent Warning Over Critical Ivanti Mobile Security Flaw: Pakistan's National CERT has identified a critical security flaw in Ivanti's mobile software, posing a high-risk threat. This vulnerability could allow attackers to gain unauthorized access to sensitive data, necessitating immediate updates and patches. Source: TechJuice
5. Shadow Campaigns Exposed: 37 Nations Hit in Massive Cyber Espionage Drive, India on High Alert: A coordinated cyber espionage campaign has targeted 37 nations, including India, affecting government and corporate sectors. This sophisticated operation underscores the need for heightened cybersecurity vigilance and international cooperation. Source: The 420

Vulnerabilities & Patches

1. SolarWinds WHD Vulnerability Exploited: Attackers are targeting SolarWinds Web Help Desk (WHD) using a mystery bug, while SolarWinds has patched CVE-2025-40536, a high-severity vulnerability. This flaw is a patch bypass of CVE-2024-28988, indicating a complex chain of vulnerabilities. Organizations using WHD are advised to update to the latest version to mitigate potential risks. Source: The Register
2. BeyondTrust Critical RCE Flaw: BeyondTrust has issued an urgent patch for a critical remote code execution (RCE) flaw, CVE-2026-1731, in its Remote Support software. This vulnerability, with a CVSS score of 9.9, could allow attackers to execute arbitrary code without authentication. Users are strongly advised to apply the patch immediately to prevent potential exploitation. Source: LinkedIn
3. Ivanti EPMM RCE Vulnerabilities: Emergency patches have been released for two critical RCE vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), including CVE-2026-1281. These vulnerabilities, with a CVSS score of 9.8, have been added to CISA's Known Exploited Vulnerabilities list, highlighting their severity. Organizations using EPMM should apply the patches to secure their systems. Source: SC Media
4. Fortinet FortiClient EMS Vulnerability: A critical vulnerability, CVE-2026-21643, has been discovered in Fortinet's FortiClient EMS, allowing remote code execution via SQL injection. Fortinet has quickly released a patch, emphasizing the importance of monitoring network logs for suspicious activity. Users are urged to update their systems to prevent exploitation. Source: GBHackers
5. European Commission Cyberattack: The European Commission has been targeted by cyberattackers exploiting vulnerabilities in a mobile management platform. Ivanti has released patches for CVE-2026-1281 and CVE-2026-1340 to address these flaws. Organizations are advised to apply these updates to safeguard against potential breaches. Source: Help Net Security

Podcasts

1. Can Iran's SAM Network Survive a US Cyber and Electronic Storm?: This episode delves into the vulnerabilities of Iran's air-defense systems, exploring how they might be compromised by cyber and electronic warfare tactics before any physical military engagement. The discussion provides insights into the strategic implications of such cyber capabilities. Source: WION Podcast.
2. The Department of Know: AWS Intruder Heist, Windows Update Flaws - CISO Series: This podcast episode covers recent cybersecurity challenges, including a breach involving AWS and vulnerabilities in Windows updates. It also touches on the GSA's CMMC requirements, providing listeners with a comprehensive overview of current security issues. Source: CISO Series.
3. The CISO Brief: Critical Infrastructure, CEOs Back Down on AI, and How to Navigate AI Threats: In this episode, the Cyber Daily team discusses the impact of AI on critical infrastructure and the hesitancy of CEOs to fully embrace AI technologies. The podcast offers strategies for navigating the complex landscape of AI threats. Source: Cyber Daily.
4. Breaking Into Cybersecurity and AI: Career Advice from the Expert - ClearanceJobs: This episode provides valuable career advice for those looking to enter the fields of cybersecurity and AI. It addresses common challenges and offers practical tips from industry experts to help newcomers navigate their career paths. Source: ClearanceJobs.
5. PREVIEW: CISO Series Podcast LIVE in Orlando, FL 3-6-26: This preview highlights the upcoming live recording of the CISO Series Podcast at Zero Trust World 2026 in Orlando. The episode promises engaging discussions on cybersecurity trends and innovations, making it a must-attend event for industry professionals. Source: CISO Series.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is as dynamic as ever. From AI romance scams targeting the vulnerable hearts of online daters to large-scale cyberattacks threatening Irish households, the need for vigilance is paramount. As Valentine's Day approaches, let's not only protect our hearts but also our devices. The stories we've shared today highlight the importance of staying informed and proactive in the face of evolving cyber threats. Whether it's patching critical vulnerabilities or being wary of too-good-to-be-true online connections, knowledge is your best defense. We hope you found today's insights valuable. If you did, please share this newsletter with your friends and colleagues. Together, we can build a community that's not only informed but also prepared to tackle the challenges of the digital age. Stay safe, stay secure, and we'll see you in the next edition of ONSEC Cyber Daily!

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn