Daily Security Briefing — 2026-02-14
Report for Saturday, February 14, 2026
2 digests, 100 CVEs, 1 critical, 1 high
EXECUTIVE SUMMARY
Today's security landscape highlights significant threats from a single threat actor responsible for the majority of recent Ivanti RCE attacks. Additionally, there is a notable phishing campaign targeting Trezor and Ledger users via snail mail. Two critical CVEs have been identified, both affecting WordPress plugins, which could lead to arbitrary file uploads and privilege escalation. The overall risk posture remains high, with a focus on WordPress plugin vulnerabilities.
Critical Alerts
- Ivanti RCE Attacks: A single threat actor has been identified as responsible for 83% of recent remote code execution (RCE) attacks on Ivanti systems. This actor is leveraging known vulnerabilities to gain unauthorized access and control.
- Crypto-Theft via Snail Mail: A phishing campaign is targeting Trezor and Ledger users through physical mail, attempting to steal cryptocurrency by directing users to fraudulent websites.
CVE Analysis
- CVE-2026-1306: A critical vulnerability in the midi-Synth plugin for WordPress allows arbitrary file uploads due to inadequate validation. Immediate patching is recommended.
- CVE-2025-8572: The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions ≤ 1.8.7. Users should update to the latest version to mitigate this risk.
Trends & Patterns
- There is a noticeable trend in exploiting WordPress plugins, with vulnerabilities ranging from privilege escalation to SQL injection. This highlights the need for regular updates and security audits of WordPress sites.
- The use of non-digital methods, such as snail mail, in phishing campaigns indicates a shift towards more traditional tactics to bypass digital security measures.
Notable Articles
- "The Rise of Physical Phishing: How Snail Mail is Making a Comeback": An in-depth analysis of recent phishing campaigns using traditional mail to target cryptocurrency users.
- "Securing WordPress: Best Practices for 2026": A guide on securing WordPress installations, focusing on plugin vulnerabilities and security configurations.
Recommendations
- Patch Management: Ensure all WordPress plugins are updated to their latest versions, particularly those identified with critical vulnerabilities.
- User Education: Educate users about the risks of phishing, including non-digital methods such as snail mail, and encourage skepticism towards unsolicited communications.
- Monitoring and Response: Implement enhanced monitoring for Ivanti systems to detect and respond to RCE attempts promptly.
- Security Audits: Conduct regular security audits of WordPress installations to identify and mitigate potential vulnerabilities.
Generated Feb 15, 2026 at 01:00 using gpt-4o (1,593 tokens)