CyberNews: 19/02/2026 Edition
Today’s roundup
Summary
Texas has sued networking giant TP-Link, alleging deceptive marketing that allowed Chinese state-backed hackers to exploit firmware vulnerabilities in its routers. Attorney General Ken Paxton noted this is the initial action in a series targeting China-affiliated companies.
Threat actors are employing device code vishing campaigns to compromise Microsoft Entra accounts within technology, manufacturing, and financial organizations. The method combines voice and device code phishing to abuse the OAuth 2.0 Device Authorization flow.
CISA warns of a critical authentication bypass flaw (CVE-2026-1670, CVSS 9.8) in Honeywell CCTV products. This vulnerability allows unauthenticated attackers to change recovery email addresses, enabling account takeovers and unauthorized camera feed access, affecting critical infrastructure globally.
Underground Telegram channels rapidly shared proofs of concept and stolen credentials for recent SmarterMail flaws (CVE-2026-24423, CVE-2026-23760). This swift weaponization is connected to observed ransomware activity.
Fintech firm Figure Technology Solutions reported a data breach impacting nearly one million accounts, resulting in the theft of personal and contact information.
A critical unauthenticated remote code execution vulnerability (CVE-2026-2329, CVSS 9.3) affects Grandstream GXP1600 series VoIP phones. The flaw grants root-level access, potentially enabling call interception, toll fraud, and user impersonation in SMB phone infrastructures.
U.S. federal agencies must patch a Dell vulnerability (CVE-2026-22769) by Saturday, following warnings from Dell and Google. A sophisticated Chinese threat actor has actively exploited this hard-coded flaw since mid-2024 for lateral movement and persistent access.
A new 'commercial-grade' phishing kit named Starkiller has been identified, capable of bypassing multi-factor authentication (MFA). Researchers from Abnormal note its use of proxies to mimic online services, marking an advancement in phishing infrastructure.
OX Security researchers discovered critical flaws in four popular VS Code extensions, totaling over 125 million installs. These vulnerabilities, some with high CVSS scores (e.g., CVE-2025-65717, CVSS 9.1), allow remote file exfiltration and code execution, posing significant risks to developers.
The French Economy Ministry confirmed that data on 1.2 million French bank accounts was accessed. A hacker used stolen official credentials to view personal data, including account numbers and addresses, but not account balances or transactions.
Vulnerabilities
| CVE | Severity |
| --- | --- |
| CVE-2026-1670 | Critical |
| CVE-2026-24423 | Critical |
| CVE-2026-23760 | Critical |
| CVE-2026-2329 | Critical |
| CVE-2026-22769 | Critical |
| CVE-2025-65717 | Medium |