OPS INTEL
209 items · ARIA-monitored · page 21 of 42
CRITICAL (page) 1
HIGH (page) 3
MEDIUM (page) 1
LOW (page) 0
MEDIUM 85% confidence advisory

Open Redirects: A Forgotten Vulnerability

Unvalidated redirects are often overlooked but can lead to serious security issues. Learn about the risks and mitigation strategies for open redirect.

  • Unvalidated redirects can lead to unauthorized access or injection attacks by directing users to malicious sites bypassing authentication checks.
  • While often considered low risk, these vulnerabilities can be exploit

Web applications · IT infrastructure
action items (3)
  • Review and update security policies regarding open redirects.
  • Conduct thorough audits of existing web application codebases for vulnerable redirect functions.
  • Educate developers about the risks associated with unvalidated redirects and forwards.

SANS ISC · 2026-02-24T19:27

HIGH 85% confidence outage

Lazarus Group Uses Medusa Ransomware Against Healthcare Orgs

North Korea's Lazarus Group deploys new Medusa ransomware targeting US healthcare organizations and Middle Eastern entities, highlighting evolving cyber.

  • Healthcare organizations are critical targets due to sensitive data and high-pressure situations.
  • The use of new ransomware indicates a proactive approach by Lazarus Group to avoid detection and maintain operational

Healthcare providers · Critical infrastructure operators · Data security professionals
action items (3)
  • Review and enhance backup protocols to ensure quick recovery from ransomware attacks.
  • Deploy advanced threat detection solutions capable of identifying unknown malware like Medusa.
  • Strengthen cybersecurity awareness programs within healthcare organizations.

The Register · 2026-02-24T19:26

CRITICAL 95% confidence cve

ZDI-26-076: GFI Archiver MARC.Store Deserialization Vulnerability

Remote attackers can execute arbitrary code on affected GFI Archiver installations via a deserialization of untrusted data vulnerability, CVSS rating 8.8. Inclu

  • Exploits allow unauthorized access and command execution
  • Potentially leads to data theft or system compromise

GFI Archiver users
action items (2)
  • Update to the latest version with security fixes
  • Review and adjust authentication protocols

Zero Day Initiative · 2026-02-24T16:26

HIGH 90% confidence outage

Lazarus Group Uses Medusa Ransomware in Healthcare Attacks

The Lazarus Group, linked to North Korea, used Medusa ransomware in attacks targeting U.S. and Middle East healthcare entities. Includes severity, confidence, a

  • Ransomware poses significant data exfiltration risk
  • Medusa variant may evade traditional detection

Healthcare organizations · IT security teams
action items (3)
  • Review security logs for suspicious activity
  • Increase monitoring of healthcare IT infrastructure
  • Educate staff on ransomware prevention

The Hacker News · 2026-02-24T16:26

HIGH 90% confidence outage

West Midlands Police and Generative AI Misstep

UK Parliament delivers official review of West Midlands Police's use of Copilot AI, highlighting risks in AI-driven public order decisions. Case study on.

  • The misuse of generative AI in critical systems underscores the importance of rigorous testing and validation processes before deployment.
  • Lack of oversight and understanding of AI limitations led to inappropriate i

Public safety · Law enforcement
action items (2)
  • Conduct a thorough review of existing AI implementations in public order contexts.
  • Develop guidelines and best practices for the ethical use of generative AI in law enforcement operations.

The Register · 2026-02-24T11:56