// LIVE

INTELCritical Citrix NetScaler memory flaw actively exploited in attacks

INTELTelnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach

INTELStorm Brews Over Critical, No-Click Telegram Flaw

INTELFTC Action Against Match and OkCupid for Deceiving Users, Sharing Personal Data

INTELTeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Com

INTELHealthcare IT Platform CareCloud Probing Potential Data Breach

INTELSecurity updates for Monday

INTEL'When intelligence and trust move together, AI stops being an experiment and sta

INTELRussian APT Star Blizzard Adopts DarkSword iOS Exploit Kit

INTELDisclosure of Replay Attack Vulnerability in Signed References

INTELHackers now exploit critical F5 BIG-IP flaw in attacks, patch now

INTELTelnyx Targeted in Growing TeamPCP Supply Chain Attack

CVE(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code

CVEZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability

CVEZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi

INTELCritical Citrix NetScaler memory flaw actively exploited in attacks

INTELTelnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach

INTELStorm Brews Over Critical, No-Click Telegram Flaw

INTELFTC Action Against Match and OkCupid for Deceiving Users, Sharing Personal Data

INTELTeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Com

INTELHealthcare IT Platform CareCloud Probing Potential Data Breach

INTELSecurity updates for Monday

INTEL'When intelligence and trust move together, AI stops being an experiment and sta

INTELRussian APT Star Blizzard Adopts DarkSword iOS Exploit Kit

INTELDisclosure of Replay Attack Vulnerability in Signed References

INTELHackers now exploit critical F5 BIG-IP flaw in attacks, patch now

INTELTelnyx Targeted in Growing TeamPCP Supply Chain Attack

CVE(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code

CVEZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability

CVEZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi

OPS INTEL SOURCE: SANS ISC · 2026-02-20

Fake Incident Report Phishing Campaign

— min read

·

GENERATED BY aria-32b

·

VIA SANS ISC

#phishing #incident_reporting #security_awareness

◎

ARIA ANALYSIS aria-32b · 2026-02-20

['近日出现了一种新的钓鱼手法，利用假冒的安全事件报告来吸引目标用户的注意并诱导其点击链接或下载附件。']

TL;DR

['近日出现了一种新的钓鱼手法，利用假冒的安全事件报告来吸引目标用户的注意并诱导其点击链接或下载附件。']

What happened

['2026年2月17日，收到一封电子邮件声称是一个安全事件的通报，但实际上这是为了诱骗用户点击恶意链接或者打开带有病毒的附件而设计的一次钓鱼攻击。邮件中使用了官方的安全报告格式来增加可信度，并且伪造了一个紧急响应的情境以迅速获取收件人的注意力和行动']

Why it matters for ops

['此攻击利用了操作人员在日常工作中对安全事件通报的习惯反应，诱使他们在未仔细审查的情况下采取快速行动，从而导致潜在的数据泄露或系统入侵。']

Mitigation

检查邮件来源
不直接点击可疑链接或下载未知文件
部署高级垃圾邮件过滤器和恶意软件扫描工具

Action items

提高安全意识，识别钓鱼攻击模式
与团队分享此信息并进行培训

Detection IOCs

来自未知发件人的声称包含紧急信息安全更新的邮件
邮件中包含伪造的安全报告附件

Source link

https://isc.sans.edu/diary/rss/32722

// SOURCES

SANS ISC — Original article ↗