HIGH 95% confidence cve

ZDI-26-106 AutoCAD CATPART File Parsing OOB Write RCE Vulnerability

A remote code execution flaw in Autodesk AutoCAD affects CATPART file parsing. Requires user interaction to execute malicious code. Includes severity, confidenc

['Users may execute remote code without their knowledge', 'Vulnerability can be leveraged for lateral movement within networks']

Engineering DepartmentsIT Security Teams

action items (2)

• Apply available security updates immediately
• Monitor for signs of exploitation via log reviews

Zero Day Initiative · 2026-02-22T13:01

HIGH 90% confidence cve

CISA Adds Four Active Exploit Vulnerabilities to KEV Catalog

Four security flaws flagged by CISA under active exploitation, including CVE-2026-2441 in Google Chrome. Includes severity, confidence, and actionable response

["CISA's additions to the KEV list signal heightened risk for organizations using affected software.", 'Immediate action is required to mitigate potential security breaches due to these vulnerabilities.']

Google Chrome usersNetwork Administrators

action items (2)

• Install latest security patches for affected software components.
• Review CISA’s KEV catalog regularly for updates on exploitable vulnerabilities.

The Hacker News · 2026-02-22T12:31

HIGH 90% confidence outage

Notepad++ Fixes Hijacked Update Mechanism for Malware Delivery

['Notepad++ releases version 8.9.2 to address a hijacked update mechanism exploited by Chinese threat actors.', "Fixes include enhanced verification and. Read f

['Understanding and mitigating risks associated with software supply chain security is critical.', 'Operators need to ensure their tools are updated and secured against such exploits.']

Windows operating system usersDevelopers using Notepad++ for code editing

action items (2)

• Verify all systems running outdated versions of Notepad++ and schedule upgrades
• Review security policies regarding software supply chain integrity

The Hacker News · 2026-02-22T12:01

CRITICAL 95% confidence outage

Dell RecoverPoint for VMs Zero-Day Exploit Report

["Google Mandiant and GTIG report exploitation of Dell RecoverPoint for Virtual Machines' CVE-2026-22769 since mid-2024 by UNC6201 threat cluster.", "Severe.

['This incident highlights the importance of continuous security monitoring and prompt patching for enterprise solutions like Dell RecoverPoint for VMs.', 'Operators need to assess their exposure and take necessary steps

Dell RecoverPoint UsersEnterprise Backup Solutions

action items (2)

• Immediately review system configurations for any use of default or hardcoded credentials.
• Implement additional monitoring on virtual machine environments and log activity related to the affected software.

The Hacker News · 2026-02-22T11:31

HIGH 95% confidence advisory

Critical Flaws in Four VS Code Extensions Affecting Over 125M Users

Four widely used VS Code extensions are vulnerable to critical flaws that could allow attackers to steal local files and execute code remotely. Includes severit

['Potential loss of sensitive data', 'Risk of unauthorized system access']

VS Code usersSoftware developers using VS Code extensions

action items (2)

• Scan for installed vulnerable extension versions
• Deploy security patches and updates

The Hacker News · 2026-02-22T11:01