CRITICAL 95% confidence cve

CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog

Two critical vulnerabilities in Roundcube webmail software have been added by CISA to the Known Exploited Vulnerabilities (KEV) catalog due to evidence of.

['To alert administrators about actively exploited vulnerabilities', 'To encourage prompt patching and risk assessment']

Linux Web ServersMail Servers

action items (2)

• Update Roundcube to the latest version
• Review security configurations

The Hacker News · 2026-02-21T14:21

MEDIUM 85% confidence general

Claude Code Security Launches with AI-Powered Vulnerability Scanning

Anthropic introduces Claude Code Security for AI-driven vulnerability scanning in software codebases. Preview available to Enterprise and Team customers. Includ

['Enhance security posture through automated vulnerability detection', 'Facilitate timely patching of identified issues']

DevOps teamsIT security professionals

action items (2)

• Evaluate Claude Code Security for compatibility with current workflows
• Plan integration of new tool into SDLC

The Hacker News · 2026-02-21T10:51

CRITICAL 95% confidence cve

BeyondTrust Flaw Exploited for Web Shells and Data Exfiltration

Threat actors exploit CVE-2026-1731 to deploy web shells, backdoors, and exfiltrate data via BeyondTrust Remote Support & Privileged Remote Access products.

['Allows unauthorized command execution', 'Enables web shell deployment', 'Facilitates data exfiltration']

sysadminsIT security teamsnetwork administrators

action items (3)

• Update systems with latest vendor-provided patches
• Conduct thorough network and system audits
• Educate staff on recognizing and reporting suspicious activities

The Hacker News · 2026-02-21T01:18

CRITICAL 90% confidence outage

'Starkiller' Phishing Service Proxies Real Login Pages with MFA

['Starkiller phishing service uses real login pages as proxies for MFA attacks.', 'Stealthy Starkiller phishing service bypasses security measures by proxying.

['Starkiller leverages real login pages, reducing detection by security teams who monitor static phishing copies.', 'The method bypasses typical preventive measures like MFA, making it harder to identify and block malici

Enterprise web servicesFinancial institutions

action items (2)

• Review current MFA solutions and their effectiveness against proxy-based attacks.
• Educate users on recognizing suspicious login behaviors and the risks of phishing.

Krebs on Security · 2026-02-21T01:17

CRITICAL 95% confidence advisory

CISA Urges Rapid Patching of Actively Exploited Dell Vulnerability

Federal agencies have three days to address a critical Dell bug exploited since mid-2024. CISA warns of espionage threats linked to hardcoded credentials in.

['The flaw involves hardcoded credentials and has been actively exploited since mid-2024', 'Exploitation could lead to espionage threats against government networks']

Federal agenciesCritical infrastructure operators

action items (2)

• Review and update patch management policies
• Conduct an inventory of all Dell RecoverPoint installations

The Register · 2026-02-21T01:13