OPS INTEL
209 items · ARIA-monitored · page 25 of 42
CRITICAL (page) 1
HIGH (page) 4
MEDIUM (page) 0
LOW (page) 0
HIGH 90% confidence outage

AWS Incident: Over 600 FortiGate Firewalls Compromised

  • Russian-speaking cybercriminals used AI tools to compromise over 600 internet-exposed FortiGate firewalls across 55 countries.
  • Incident highlights the.

  • Generative AI was used to enhance attack vectors and automate discovery of vulnerable firewalls.
  • Lack of proper firewall security practices and exposure to the internet made these devices susceptible to attacks.

Network administrators · Security professionals
action items (2)
  • Conduct a thorough audit of exposed network infrastructure.
  • Review and enhance firewall security configurations immediately.

The Register · 2026-02-23T12:01

HIGH 85% confidence outage

Malicious npm Packages Harvest Crypto Keys

  • Active supply chain worm campaign uses npm packages to steal credentials and crypto keys.
  • Researchers warn of SANDWORM_MODE campaign leveraging 19+. Read f

  • Malicious packages can compromise build integrity and steal sensitive credentials.
  • Supply chain attacks pose significant risks to software delivery processes.

javascript_devs · npm_users · devops_teams
action items (2)
  • Audit npm packages used across the organization
  • Implement or enforce security policies for third-party software integration

The Hacker News · 2026-02-23T11:31

CRITICAL 95% confidence cve

ZDI-26-105 MLflow Tracking Server Vulnerability

Remote attackers can execute arbitrary code on MLflow Tracking Server due to a directory traversal flaw. No auth required. Includes severity, confidence, and ac

  • Failure to sanitize input leads to directory traversal vulnerability
  • Lack of proper access controls allows RCE

MLflow users · DevOps teams managing MLflow deployments
action items (2)
  • Upgrade MLflow Tracking Server to mitigate vulnerability
  • Monitor logs and network traffic for suspicious activity

Zero Day Initiative · 2026-02-23T11:01

HIGH 95% confidence cve

ZDI-26-104: Sante DICOM Viewer Pro Buffer Overflow Vulnerability

Remote code execution vulnerability in Sante DICOM Viewer Pro requires user interaction to exploit. CVE-2026-2034. Includes severity, confidence, and actionable

  • User must interact with malicious content to trigger vulnerability
  • Exploitation requires visiting compromised or attacker-controlled sites or opening malicious files

Healthcare IT Systems · Medical Imaging Departments
action items (2)
  • Apply available security updates
  • Conduct a risk assessment for DICOM Viewer Pro usage

Zero Day Initiative · 2026-02-23T10:31

HIGH 95% confidence cve

ZDI-26-103: Oracle VirtualBox VMSVGA OOB Access Local Privilege Escalation Vulnerability

A critical local privilege escalation vulnerability (CVE-2026-21956) in Oracle VirtualBox's VMSVGA component allows attackers to execute high-privileged code.

  • Understanding and mitigating vulnerabilities is crucial for maintaining system security.
  • This vulnerability can lead to unauthorized access and control of systems running affected software.

Oracle VirtualBox users · Enterprise IT environments
action items (2)
  • Review system configurations and update to the latest version of Oracle VirtualBox.
  • Implement strict access controls on guest systems running affected software.

Zero Day Initiative · 2026-02-23T10:01