Krebs on Security: Patch Tuesday, February 2026 Edition
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild. Zero-day #1 this month is CVE-2026-21510, a security feature bypass vulnerability in Windows Shell wherein a single click on a malicious link can quietly bypass Windows protections and run attacker-controlled content without warning or consent dialogs. READ MORE...
Volvo Group North America customer data exposed in Conduent hack
Volvo Group North America disclosed that it suffered an indirect data breach stemming from the compromise of IT systems at American business services giant Conduent, of which Volvo is a customer. Volvo Group North America is the Swedish multinational's operating arm in the United States, Canada, and Mexico. It focuses on manufacturing commercial vehicles and heavy equipment, including trucks, buses, construction equipment, engines, and industrial power systems. READ MORE...
Patch Tuesday: Adobe Fixes 44 Vulnerabilities in Creative Apps
Adobe's February 2026 Patch Tuesday updates address a total of 44 vulnerabilities discovered by external security researchers in the company's products. The software giant has published nine new advisories announcing patches for Audition, After Effects, InDesign Desktop, Substance 3D Designer, Substance 3D Stager, Substance 3D Modeler, Bridge, Lightroom Classic, and the DNG SDK. The company has assigned a critical severity rating to over two dozen vulnerabilities. READ MORE...
ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, Phoenix Contact
Industrial giants Siemens, Schneider Electric, Aveva, and Phoenix Contact have published Patch Tuesday advisories informing customers about vulnerabilities found in their ICS/OT products. Siemens has published eight new advisories. The company has released patches and mitigations for high-severity issues in Desigo CC, Sentron Powermanager, Simcenter Femap and Nastran, NX, Sinec NMS, Solid Edge, and Polarion products. A medium-severity flaw has been found in Siveillance Video Management Servers. READ MORE...
Chipmaker Patch Tuesday: Over 80 Vulnerabilities Addressed by Intel and AMD
Intel and AMD's February 2026 Patch Tuesday advisories address more than 80 vulnerabilities found recently in their products. Intel has published 18 new advisories covering more than 30 vulnerabilities. Four advisories have an overall severity rating of high. One of these advisories describes TDX vulnerabilities discovered in collaboration with Google, including a flaw that could lead to full compromise. READ MORE...
After major Poland energy grid cyberattack, CISA issues warning to U.S. audience
Arecent attempt at a destructive cyberattack on Poland's power grid has prompted the Cybersecurity and Infrastructure Security Agency to publish a warning for U.S. critical infrastructure owners and operators. Tuesday's alert follows a Jan. 30 report from Poland's Computer Emergency Response Team concluded the December attack overlapped significantly with infrastructure used by a Russian government-linked hacking group. READ MORE...
That "summarize with AI" button might be manipulating you
Microsoft security researchers discovered a growing trend of AI memory poisoning attacks used for promotional purposes, referred to as AI Recommendation Poisoning. The MITRE ATLAS knowledge base classifies this behavior as AML.T0080: Memory Poisoning. The activity focuses on shaping future recommendations by inserting prompts that cause an assistant to treat specific companies, websites, or services as trusted or preferred. READ MORE...
AI agents spill secrets just by previewing malicious links
AI agents can shop for you, program for you, and, if you're feeling bold, chat for you in a messaging app. But beware: attackers can use malicious prompts in chat to trick an AI agent into generating a data-leaking URL, which link previews may fetch automatically. Messaging apps commonly use link previews, which let the app query links dropped in a message to extract a title, description, and thumbnail to display in place of a plain URL. READ MORE...
Notepad's new Markdown powers served with a side of remote code execution
Just months after Microsoft added Markdown support to Notepad, researchers have found the feature can be abused to achieve remote code execution (RCE). Tracked as CVE-2026-20841 (8.8), the vulnerability was addressed in the Windows maker's most recent Patch Tuesday fixes. The flaw misses out on the top severity scores as it requires a little social engineering in order to get it working, but from there it's plain sailing for an attacker. READ MORE...
Microsoft prepares to refresh Secure Boot's digital certificate
Microsoft is updating the digital certificates powering Windows' Secure Boot software-verification feature, an ambitious effort to maintain the security of more than one billion devices worldwide. Secure Boot, which prevents unsigned software from executing at startup, relies on security certificates stored in the device's firmware. The original certificates, issued in 2011, are expiring in June after more than 15 years of use. READ MORE...
- ...in 1847, engineer and businessman Thomas Edison, inventor of the light bulb, phonograph, and motion picture camera, is born in Milan, OH.
- ...in 1936, actor/producer Burt Reynolds (Smokey and the Bandit, Deliverance) is born in Lansing, MI.
- ...in 1990, activist Nelson Mandela is released from prison after 27 years as a political prisoner of South Africa's apartheid government.
- ...in 2011, Egyptian president Hosni Mubarak resigns in the wake of 18 days of popular protests.
