Welcome to the February 19th edition of ONSEC Cyber Daily, where today's narrative unfolds like a high-stakes cyber thriller. Our story begins with the silent yet pervasive presence of cybersecurity vulnerabilities, lurking in the shadows, waiting to be discovered. As we delve deeper, we encounter a formidable cast of cybercriminals and state-backed hackers, each exploiting zero-day vulnerabilities in widely used technologies—from Dell's operational systems to Google's Chrome browser. Federal agencies are on high alert, racing against time to patch critical flaws before they are weaponized by sophisticated actors. Meanwhile, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and India's CERT-In issue urgent warnings, urging immediate action to safeguard against these threats. In a world where vulnerabilities are as inevitable as the sunrise, today's newsletter connects the dots between these unfolding events, highlighting the urgent need for vigilance and proactive defense. Join us as we navigate this intricate web of cyber threats and defenses, ensuring you're equipped with the knowledge to stay one step ahead in this ever-evolving digital landscape.

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn

Exploits Alert

1. Fed agencies ordered to patch Dell bug by Saturday after exploitation warning: A Chinese state-backed hacking group is actively exploiting a zero-day vulnerability in a popular line of Dell products, prompting urgent action from federal agencies. The vulnerability poses a significant risk to operational and disaster recovery systems, necessitating immediate patching to prevent potential breaches. Source: The Record
2. Critical infra Honeywell CCTVs vulnerable to auth bypass flaw: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical vulnerability in multiple Honeywell CCTV products. This flaw could allow unauthorized access, posing a severe threat to critical infrastructure security. Organizations using these products are advised to apply patches promptly to mitigate risks. Source: BleepingComputer
3. Indian Government Issues HIGH RISK Alert For Google Chrome Users: The Indian cybersecurity agency CERT-In has released a high-severity alert for Google Chrome users due to critical vulnerabilities. These vulnerabilities could potentially allow attackers to execute arbitrary code, highlighting the importance of updating to the latest browser version. Source: YouTube
4. Microsoft Warns of ClickFix Attack Abusing DNS Lookups: Microsoft has identified a new DNS vulnerability being exploited in what is termed the "ClickFix Attack." This vulnerability allows attackers to manipulate DNS lookups, potentially leading to data breaches and unauthorized access. Users are urged to apply security updates to protect against this threat. Source: OODAloop
5. CISA Warns of Google Chromium 0-Day Vulnerability Actively Exploited in Attacks: A zero-day vulnerability in Google Chromium is under active exploitation, as reported by CISA. This vulnerability is being leveraged in attacks, making it crucial for users to update their systems immediately to safeguard against potential security breaches. Source: Cybersecurity News

Vulnerabilities & Patches

1. Firefox v147 Fixes CVE-2026-2447 Heap Overflow Bug: Firefox version 147.0.4 addresses a critical heap buffer overflow vulnerability, CVE-2026-2447, in the libvpx library. This flaw could potentially allow remote code execution, making it a high-risk issue for users. Mozilla's timely patch is crucial to prevent exploitation. Source: The Cyber Express
2. Google Releases High-Severity Patch for Chrome Zero-Day Vulnerability CVE-2026-2441: Google has issued a critical patch for a zero-day vulnerability in Chrome, identified as CVE-2026-2441. This high-severity flaw could be exploited for remote code execution, emphasizing the need for immediate updates to protect users. Source: SSB Crack
3. Fed Agencies Ordered to Patch Dell Bug by Saturday After Exploitation Warning: A critical vulnerability, CVE-2026-22769, in Dell's RecoverPoint for VMs has been actively exploited by a sophisticated threat actor. Federal agencies have been instructed to apply patches immediately to mitigate potential risks. Source: The Record
4. Libraseva Urges Users to Patch Now as It Issues Emergency Fix Following Attacks: Libraseva has released an emergency patch for CVE-2025-59689, a medium-severity remote command execution vulnerability. The flaw was exploited through compressed email attachments, prompting urgent updates to prevent further attacks. Source: MSN
5. CVE-2026-25903 Impacts Apache NiFi Users: Apache NiFi users are urged to update to the latest version to address CVE-2026-25903, a vulnerability that could lead to unauthorized access. The patch enforces stricter authorization checks, enhancing security for affected systems. Source: eSecurity Planet

Podcasts

1. VIDEO PODCAST: Breaking down the youX cyber breach - Broker Daily: This episode features a deep dive into the youX cyber breach, with insights from Cyber Daily's deputy editor. The discussion covers the breach's impact and the lessons learned for future cybersecurity strategies. Source.
2. Ahead of the Threat Podcast: Season 2, Episode 1 — John Hultquist: Hosted by Brett Leatherman, this episode welcomes John Hultquist to discuss emerging cyber threats and the FBI's role in combating them. The conversation provides a unique perspective on the evolving landscape of cybersecurity. Source.
3. The Banking on AI Podcast episode 7 | TD Stories: This episode explores the intersection of cybersecurity, data analytics, and AI within the banking sector. It highlights TD's innovative approach to integrating these technologies into their operations. Source.
4. Professor Paul Van Oorschot Featured on World Leaders in Cryptography Podcast: This episode features Professor Paul Van Oorschot discussing advancements in cryptography and its implications for cybersecurity. The conversation delves into cutting-edge research and its practical applications. Source.
5. EU Energy Projects Podcast: Chronicle, Reflex and EFORT: This episode focuses on cybersecurity within Europe's energy systems, discussing projects like Chronicle and Reflex. It highlights efforts to enhance the resilience and flexibility of energy infrastructures. Source.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that cybersecurity vulnerabilities are a persistent and evolving challenge. From the lurking threats in your VPN to the urgent patches needed for Dell and Google Chrome, the landscape is ever-changing. Whether it's a cybercriminal group exploiting a zero-day vulnerability or a critical flaw in widely-used software, staying informed is your first line of defense. We hope today's insights have armed you with the knowledge to protect your digital world. Remember, cybersecurity is a shared responsibility. If you found this newsletter valuable, please share it with your friends and colleagues. Together, we can build a more secure digital future. Stay vigilant, stay informed, and see you tomorrow for more updates on the cyber frontier!

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn