Daily Summary - 27.02.2026

End-of-Day report

Timeframe: Thursday 26-02-2026 18:00 - Friday 27-02-2026 18:00
Handler: Wolfgang Menezes
Co-Handler: n/a

News

New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises

New research shows that behaviors that occur at the very lowest levels of the network stack make encryption - in any form, not just those that have been broken in the past - incapable of providing client isolation, an encryption-enabled protection promised by all router makers, that is intended to block direct communication between two or more connected clients. The isolation can effectively be nullified through AirSnitch, the name the researchers gave to a series of attacks that capitalize on the newly discovered weaknesses.

https://arstechnica.com/security/2026/02/new-airsnitch-attack-breaks-wi-fi-encryption-in-homes-offices-and-enterprises/

Log4j at its limit: AI junk paralyzes open-source project

According to the report, more and more AI-generated vulnerability reports are being submitted through the project's bug bounty program. [..] Karwasz proposes that, going forward, vulnerability reports for Log4j be assigned priorities at short notice and that, for the time being, only the important cases be handled.

https://www.golem.de/news/log4j-am-limit-ki-schrott-laehmt-open-source-projekt-2602-205903.html

Covert vehicle tracking: Spying via the tire pressure monitoring system

Tire pressure monitoring systems in modern vehicles offer spies extensive opportunities for surveillance - and have done so for a number of years. [..] According to the researchers, the point of attack is radio signals that are emitted by the TPMS and contain a unique identifier. [..] To track cars by their TPMS signals, the researchers say, all that is needed is a simple radio receiver, available for as little as around 100 US dollars. [..] "Such information could reveal daily routines, such as working hours or travel habits," the research team warned.

https://www.golem.de/news/heimliches-fahrzeug-tracking-spionage-durch-das-reifendruckkontrollsystem-2602-205913.html

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT). "A malicious downloader staged a portable Java runtime and executed a malicious Java archive (JAR) file named jd-gui.jar," the Microsoft Threat Intelligence team said in a post on X.

https://thehackernews.com/2026/02/trojanized-gaming-tools-spread-java.html

Fake Zoom and Google Meet scams install Teramind: A technical deep dive

In this article, we'll provide the deeper technical analysis [..] On February 24, 2026, we published an article about how a fake Zoom meeting "update" silently installs monitoring software, documenting a campaign that used a convincing fake Zoom waiting room to push a legitimate Teramind installer abused for unauthorized surveillance onto Windows machines. [..] Despite the takedown, our continued monitoring shows the campaign is not only still active but growing: we have now identified a parallel operation impersonating Google Meet, running from a different domain and infrastructure.

https://www.malwarebytes.com/blog/threat-intel/2026/02/fake-zoom-and-google-meet-scams-install-teramind-a-technical-deep-dive

Hook, line, and vault: A technical deep dive into the 1Phish kit

We analyze the evolution of the 1Phish phishing kit from a basic credential harvester into an MFA-aware, multi-stage phishing kit targeting 1Password users.

https://securitylabs.datadoghq.com/articles/hook-line-vault-a-deep-dive-into-1phish/

Malicious Go "crypto" Module Steals Passwords and Deploys Rekoobe Backdoor

Socket's Threat Research Team uncovered a malicious Go module, github[.]com/xinfeisoft/crypto, that imitates the legitimate golang.org/x/crypto codebase but inserts a backdoor in ssh/terminal/terminal.go. That choice was strategic: golang.org/x/crypto is one of the Go ecosystem's foundational cryptography codebases, maintained by the Go project and widely relied on for primitives and packages such as bcrypt, argon2, chacha20, and ssh, which makes it a high-trust impersonation target in dependency graphs.

https://socket.dev/blog/malicious-go-crypto-module-steals-passwords-and-deploys-rekoobe-backdoor

Vulnerabilities

GitLab Patch Release: 18.9.1, 18.8.5, 18.7.5

These versions contain important bug and security fixes, and we strongly recommend that all self-managed GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version. GitLab Dedicated customers do not need to take action.

https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/

LWN: Security updates for Friday

https://lwn.net/Articles/1060645/