Cyber Daily 2/11: Poland Energy Grid Breach Sparks CISA Alert; Bitsight Unveils Dark Web Intel; Microsoft Patches 6 Zero-Days; NCSC Warns of Severe CNI Attacks
Welcome to the February 11th edition of ONSEC Cyber Daily, where today's headlines weave a cautionary tale of cyber resilience. In the wake of a significant cyberattack on Poland's energy grid, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning, underscoring the vulnerabilities within critical infrastructure. As the digital battlefield expands, Bitsight's groundbreaking dark web intelligence for supply chains emerges as a beacon of proactive defense. Meanwhile, Microsoft's latest Patch Tuesday addresses six actively exploited zero-day vulnerabilities, reminding us of the relentless pace of cyber threats. Join us as we delve into these pivotal developments, exploring the interconnected web of cybersecurity challenges and innovations shaping our digital landscape.

Exploits Alert
- Poland Energy Grid Cyberattack Prompts CISA Warning: Following a significant cyberattack on Poland's energy grid, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to U.S. critical infrastructure entities. The attack underscores the vulnerabilities in energy systems and the urgent need for enhanced cybersecurity measures. Source: CyberScoop.
- Bitsight Unveils Dark Web Intelligence for Supply Chains: Bitsight has launched the first dark web intelligence tool specifically for supply chains, aiming to transform third-party risk management. This innovation allows companies to gain deeper insights into potential threats lurking in the deep and dark web. Source: Bitsight.
- Windows Error Reporting Vulnerability Exploited: A vulnerability in Windows Error Reporting has been identified, allowing attackers to elevate privileges. Organizations are advised to test their defenses using Breach and Attack Simulation (BAS) tools to mitigate potential risks. Source: Cyber Press.
- NCSC Warns of Severe Cyber-Attacks on Critical Infrastructure: The National Cyber Security Centre (NCSC) has issued a warning to critical national infrastructure providers about severe cyber-attacks. The alert emphasizes the need for immediate action to protect essential services from potential disruptions. Source: Infosecurity Magazine.
- Critical Vulnerability in C&Cm@il Allows Admin Access: A critical vulnerability (CVE-2026-2234) in C&Cm@il, developed by HGiga, has been discovered, enabling unauthenticated remote attackers to gain admin access. This flaw poses a significant risk, necessitating urgent security patches. Source: Digg.

Vulnerabilities & Patches
- Microsoft Patch Tuesday February 2026 Fixes 6 Zero-Days Under Attack: Microsoft has released patches for six zero-day vulnerabilities actively exploited in the wild. Notably, CVE-2026-21510, a Windows Shell security feature bypass, allows attackers to trick users into opening malicious links or shortcut files. This update is crucial for maintaining system security. Source: News9 Live
- CVE-2026-1731: RCE Risk in BeyondTrust RS and PRA: A critical remote code execution vulnerability, CVE-2026-1731, has been identified in BeyondTrust RS and PRA. This flaw can be exploited with low complexity, necessitating immediate patching to prevent potential breaches. Source: SOCRadar
- Microsoft February 2026 Patch Tuesday Fixes 50+ Vulnerabilities, Including 6 Zero-Day Flaws: This month's Patch Tuesday addresses over 50 vulnerabilities, with six zero-days under active exploitation. CVE-2026-21510, affecting Windows Shell, is particularly dangerous as it bypasses security features, emphasizing the need for prompt updates. Source: LinkedIn
- Critical Vulnerability in BeyondTrust Software Requires Urgent Patching: BeyondTrust software users are urged to patch CVE-2026-1731, a pre-authentication remote code execution flaw. Exploitable through low-complexity attacks, this vulnerability poses a significant risk if left unaddressed. Source: SC Media
- Microsoft Fixes Six Actively Exploited Flaws in Latest Windows 11 Update: Among the critical fixes is CVE-2026-21531, a remote code execution flaw in Azure SDK with a CVSS score of 9.8. While no active exploits have been reported, the high severity of this vulnerability demands immediate attention. Source: CyberInsider

Podcasts
- When We See White Smoke, We Know We Have a New CISO: This podcast episode from the CISO Series explores the process and significance of appointing a new Chief Information Security Officer (CISO). Hosts David Spark and Andy Ellis, along with guest Russ Ayres, delve into the challenges and responsibilities that come with the role, providing insights into leadership in cybersecurity. Source.
- Beyond The Malware: The Leadership Test Hiding Inside Every Ransomware Event: In this episode of The Cyber Periscope, the focus is on the leadership challenges that arise during ransomware events. The discussion highlights the importance of strategic decision-making and resilience in the face of cyber threats, offering listeners a deeper understanding of the human element in cybersecurity. Source.
- Internet Governance Explained: This podcast series from Freie Universität Berlin provides an in-depth look at the complexities of internet governance. Recent episodes cover topics such as cybersecurity, post-quantum security, and the role of government in digital spaces, making it a valuable resource for anyone interested in the intersection of technology and policy. Source.
- APDR Podcast Episode 127 with Host Kym Bergmann: Hosted by Kym Bergmann, this episode of the Asia Pacific Defence Reporter podcast covers a range of topics including cybersecurity, IT, and government policy. The discussion provides insights into the latest trends and challenges in the defense sector, making it a must-listen for industry professionals. Source.
- Cybersecurity News: February 10, 2026: This episode from the CISO Series offers a roundup of the latest cybersecurity headlines, providing listeners with timely updates and expert analysis. The podcast is a valuable resource for staying informed about the ever-evolving landscape of cyber threats and defenses. Source.

Final Words
As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is as dynamic as ever. From the alarming cyberattack on Poland's energy grid prompting CISA's urgent warnings to the U.S., to the innovative strides in dark web intelligence for supply chains, the need for vigilance and proactive measures is more critical than ever. The recent Microsoft Patch Tuesday, addressing six zero-day vulnerabilities, underscores the relentless efforts required to safeguard our digital infrastructure. In this interconnected world, staying informed is our best defense. We encourage you to share this newsletter with your friends and colleagues, helping us build a community that is well-prepared and resilient against cyber threats. Together, we can navigate the complexities of cybersecurity and ensure a safer digital future for all. Stay secure, stay informed, and see you in the next edition of ONSEC Cyber Daily!