AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories

infonews

security

Source: The Hacker NewsFebruary 19, 2026

Summary

This bulletin covers multiple cybersecurity threats across platforms, including Android 17's privacy enhancements to block unencrypted traffic, LockBit 5.0 ransomware gaining the ability to attack Proxmox virtualization systems with advanced evasion techniques, and several ClickFix social engineering campaigns (using fake websites and nested obfuscation) targeting macOS users to steal credentials or deploy malware like Matanbuchus 3.0 loader and AstarionRAT.

Solution / Mitigation

For Android 17 and higher: Google states that apps should "migrate to Network Security Configuration files for granular control" to avoid relying on cleartext traffic. Apps targeting Android 17 or higher will default to disallowing cleartext traffic if they use usesCleartextTraffic='true' without a corresponding Network Security Configuration.

Classification

Attack SophisticationModerate

Impact (CIA+S)

confidentialityintegrity

Affected Vendors

Microsoft

Related Issues

info

Tech Giants Invest $12.5 Million in Open Source Security

Same vendorSecurityWeek

critical

CVE-2026-24307: Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information o

Same vendorNVD/CVE Database

Original source: https://thehackernews.com/2026/02/threatsday-bulletin-openssl-rce-foxit-0.html

First tracked: February 19, 2026 at 11:00 AM

Classified by LLM (prompt v3) · confidence: 65%