// LIVE
OPS Lago (YC S21) Is Hiring
OPS Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the E
OPS 'Traces of unauthorized access': Mazda confirms data breach exposing employee an
OPS Surfshark launches HeyPolo, a privacy-first location sharing app to kill "always
OPS OpenClaw is fun. OpenClaw is dangerous. Here's where Tailscale helps.
OPS Show HN: Email.md – Markdown to responsive, email-safe HTML
OPS Do Security Teams Use tools like Cursor , WindSurf , co-pilot etc.. ?
OPS Automated knowledge graph of server setup by agentic LLM - good idea?
OPS Should I buy R230 for $200 and will it support my needs?
OPS What trends are you seeing around self-hosted software at KubeCon EU?
OPS Lightning-fast exploits make it essential to patch fast, ask questions later
OPS Tool updates: lots of security and logic fixes, (Mon, Mar 23rd)
CVE (Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code
CVE ZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability
CVE ZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi
nsysops@ops-intel:~$ ls -lt --range live

OPS INTEL

266 items · ARIA-monitored · page 32 of 54
CRITICAL (page) 2
HIGH (page) 2
MEDIUM (page) 1
LOW (page) 0
HIGH 95% confidence advisory

CISA Adds New KEV Catalog Entry for CVE-2026-25108

CISA has added a new entry to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation, highlighting the need for swift.

This update underscores the importance of monitoring and addressing known vulnerabilities proactively to mitigate cyber risks. The inclusion in the KEV Catalog signals a significant risk that requires immediate reme

Federal Civilian Executive Branch (FCEB) Agencies · All Organizations
action items (2)
  • Review CISA's KEV Catalog regularly for new entries affecting your environment.
  • Ensure compliance with BOD 22-01 requirements for FCEB agencies regarding known exploited vulnerabilities.

CISA Current Activity

CRITICAL 95% confidence outage

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

A critical flaw in GitHub Codespaces allowed Copilot to leak sensitive tokens via crafted instructions in GitHub issues. The vulnerability has been patched by.

Potential data exposure through compromised environments. Risks associated with automated coding tools like Copilot.

GitHub users · CI/CD pipeline maintainers
action items (2)
  • Patch any exposed repositories or tokens
  • Monitor for suspicious activities in your GitHub environment

The Hacker News

MEDIUM 85% confidence advisory

Open Redirects: A Forgotten Vulnerability

Unvalidated redirects are often overlooked but can lead to serious security issues. Learn about the risks and mitigation strategies for open redirect.

Unvalidated redirects can lead to unauthorized access or injection attacks by directing users to malicious sites bypassing authentication checks. While often considered low risk, these vulnerabilities can be exploit

Web applications · IT infrastructure
action items (3)
  • Review and update security policies regarding open redirects.
  • Conduct thorough audits of existing web application codebases for vulnerable redirect functions.
  • Educate developers about the risks associated with unvalidated redirects and forwards.

SANS ISC

HIGH 85% confidence outage

Lazarus Group Uses Medusa Ransomware Against Healthcare Orgs

North Korea's Lazarus Group deploys new Medusa ransomware targeting US healthcare organizations and Middle Eastern entities, highlighting evolving cyber.

Healthcare organizations are critical targets due to sensitive data and high-pressure situations. The use of new ransomware indicates a proactive approach by Lazarus Group to avoid detection and maintain operational

Healthcare providers · Critical infrastructure operators · Data security professionals
action items (3)
  • Review and enhance backup protocols to ensure quick recovery from ransomware attacks.
  • Deploy advanced threat detection solutions capable of identifying unknown malware like Medusa.
  • Strengthen cybersecurity awareness programs within healthcare organizations

The Register

CRITICAL 95% confidence cve

ZDI-26-076: GFI Archiver MARC.Store Deserialization Vulnerability

Remote attackers can execute arbitrary code on affected GFI Archiver installations via a deserialization of untrusted data vulnerability, CVSS rating 8.8. Inclu

Exploits allow unauthorized access and command execution. Potentially leads to data theft or system compromise.

GFI Archiver users
action items (2)
  • Update to the latest version with security fixes
  • Review and adjust authentication protocols

Zero Day Initiative