Cyber Threat Briefing

Published: 18 February 2026, 08:53 UTC
Classification: TLP:CLEAR
Auto-generated by Varangian Cyber Intelligence
Critical CVEs: 3
High CVEs: 12
KEV Added: 9
New IOCs: 0
Malware Samples: 0
Active C2s: 1
Threat Level: HIGH

DELTA — CHANGES SINCE LAST BRIEFING

THREAT LEVEL ASSESSMENT

The current threat landscape is rated HIGH due to the concurrent emergence of multiple CRITICAL CVEs (CVSS ≥ 9.6) and the active exploitation of KEVs in critical infrastructure. High-severity vulnerabilities in widely used platforms (WordPress, IBM, Windows) compound the risk, while QakBot C2 activity signals escalating malware campaigns. Patch Tuesday updates and KEV remediation deadlines add urgency.

CRITICAL VULNERABILITIES

CVE            | Product                     | CVSS | Status  | Impact
CVE-2026-22208 | OpenS100 S-100 Viewer       | 9.6  | Pending | Unrestricted Lua interpreter enables remote code execution in maritime navigation systems
CVE-2026-23647 | Glory RBG-100 Recycler      | 9.8  | Pending | Hard-coded credentials in ISPK-08 software allow remote OS-level access to industrial systems
CVE-2026-1937  | YayMail WordPress Plugin    | 9.8  | Pending | Missing capability checks enable unauthenticated users to escalate privileges via email customization

ACTIVE EXPLOITS & KEV

CVE            | Product                                  | Remediation Deadline
CVE-2026-1731  | BeyondTrust Remote Support (RS) & PRA    | 2026-03-10
CVE-2008-0015  | Microsoft Windows Video ActiveX          | 2026-03-10
CVE-2026-2441  | Google Chromium CSS                      | 2026-03-10
CVE-2024-7694  | TeamT5 ThreatSonar                       | 2026-03-10

MALWARE & THREAT ACTORS

QakBot (Feodo Tracker C2: 178.62.3.223:443) — New offline C2 infrastructure detected. Exploits unpatched Windows and industrial control systems. Associated with recent Kimwolf botnet campaigns disrupting I2P networks.

CYBER NEWS DIGEST

[CISA Alerts] Honeywell CCTV and Delta Electronics ASDA-Soft vulnerabilities enable camera feed hijacking and buffer overflow attacks, with remediation deadlines by March 2026.

[Microsoft Patch Tuesday] February 2026 updates address 50+ flaws including six zero-days, prioritizing Windows kernel and Azure DevOps exploits.

[Krebs on Security] Kimwolf botnet infects 2M+ IoT devices, forcing DDoS participation and local network reconnaissance via compromised firmware.

[Notepad++ Security] "Double-lock" update mechanism deployed to prevent supply-chain attacks after CVE-2025-15556 exploitation by Chinese state-backed actors.

[Siemens Industrial KEVs] SINEC OS and Polarion XCED vulnerabilities enable remote code execution in energy and manufacturing systems — urgent patching advised.

[Dark Reading] RMM abuse rises as hackers leverage trusted platforms for persistent network infiltration, bypassing traditional malware detection.

Previous Briefings

Date                  | Briefing
2026-02-18 08:24 UTC  | Cyber Threat Briefing — 2026-02-18 08:24 UTC
2026-02-18 08:21 UTC  | Cyber Threat Briefing — 2026-02-18 08:21 UTC