ONE Sentinel

Daily Security Briefing — 2026-02-13

Report for Friday, February 13, 2026

14 digests, 100 CVEs, 2 critical, 8 high

EXECUTIVE SUMMARY

Today's security landscape highlights critical vulnerabilities in Microsoft SCCM and BeyondTrust, both actively exploited in the wild. Notable CVEs include severe flaws in Hyland OnBase and MojoPortal CMS, posing significant risks if left unpatched. The overall risk posture remains elevated with coordinated cyber operations linked to state actors targeting the defense sector. Organizations are advised to prioritize patching and enhance monitoring to mitigate these threats.

Critical Alerts

  • Microsoft SCCM Vulnerability: CISA has flagged a critical flaw in Microsoft SCCM that is currently being exploited. Immediate patching is advised to prevent unauthorized access and potential data breaches.
  • BeyondTrust Vulnerability: Researchers have observed active exploitation of a BeyondTrust vulnerability with a CVSS score of 9.9. Organizations using BeyondTrust should apply available patches and monitor for unusual activity.

CVE Analysis

  • CVE-2026-26221: Hyland OnBase's unauthenticated .NET Remoting exposure is critical with a CVSS score of 10. Immediate remediation is necessary to prevent remote code execution.
  • CVE-2025-69770: MojoPortal CMS's zip slip vulnerability allows arbitrary command execution. This CVE is critical and requires urgent patching.
  • CVE-2026-26333: Calero VeraSMART's exposure of an unauthenticated .NET Remoting service is another critical flaw that needs immediate attention.

Trends & Patterns

  • State-Sponsored Attacks: Google has linked cyber operations targeting the defense sector to state actors from China, Iran, Russia, and North Korea. This indicates a trend of increased geopolitical cyber activity.
  • Supply Chain Vulnerabilities: The npm update highlights ongoing efforts to secure software supply chains, emphasizing the need for vigilance in third-party software use.

Notable Articles

  • Fake Job Recruiters: Malicious actors are using fake job recruitment schemes to distribute malware, particularly targeting developers through coding challenges.
  • Mac Infostealers: The ClickFix attack leverages Claude LLM artifacts to push infostealers on Mac systems, showcasing the evolving tactics of threat actors.

Recommendations

  • Patch Management: Prioritize patching of critical vulnerabilities, especially those with active exploitation like Microsoft SCCM and BeyondTrust.
  • Enhanced Monitoring: Increase monitoring for signs of state-sponsored activities, particularly in sectors like defense and technology.
  • Supply Chain Security: Review and strengthen supply chain security measures, focusing on third-party software and dependencies.
  • User Awareness: Educate employees about phishing and social engineering tactics, especially those involving fake job offers and coding challenges.

Generated Feb 14, 2026 at 01:00 using gpt-4o; 2,133 tokens