
Daily Security Briefing #163
- DjediTech
- Security, Newsletter
- February 12, 2026
Search ad phishing, Critical unencrypted data, Evolving Android malware and more…
Executive Summary
Critical vulnerabilities have been disclosed in various products, including HPE Aruba Networking’s Private 5G Core Platform and BeyondTrust Remote Support appliances. These flaws can lead to privilege escalation and denial-of-service attacks. Additionally, threat actors are increasingly leveraging AI for reconnaissance and attack support. Underground marketplaces continue to facilitate the sale of stolen credit cards, while researchers have discovered malicious packages in the npm and PyPI ecosystems tied to the North Korea-linked Lazarus Group.
Articles
GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use
Google’s Threat Intelligence Group has observed threat actors increasingly integrating artificial intelligence (AI) to accelerate the attack lifecycle. This report serves as an update on their November 2025 findings regarding the advances in threat actor usage of AI tools.
https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use/ | BleepingComputer
Carding-as-a-Service: The Underground Market of Stolen Cards
Credit card fraud continues to affect consumers and organizations on a large scale, with underground “dump shops” playing a central role in this activity. These marketplaces sell stolen credit and debit card data to criminals.
https://www.rapid7.com/blog/post/tr-carding-as-a-service-stolen-credit-cards-fraud | Rapid7
3D Printer Surveillance
A new bill proposed in New York would require all 3D printers sold or delivered in the state to include “blocking technology” that checks every print file against a database. The proposal raises concerns about maker freedom and small manufacturers.
https://www.schneier.com/blog/archives/2026/02/3d-printer-surveillance.html | Schneier on Security
Securing Your AI Transformation: How Check Point Is Helping Security Teams Keep Control in an AI-First World
As AI reshapes how work gets done and attacks are carried out, security teams need to rewire their approach. This includes revalidating security foundations and designing new security operations for the AI era.
HPE Aruba Flaw Exposes Networking Devices to Privilege Escalation and DoS Attacks
Multiple vulnerabilities in HPE Aruba Networking’s Private 5G Core Platform can allow attackers to create unauthorized administrative accounts, disrupt services, and access sensitive system information.
https://gbhackers.com/hpe-aruba-flaw-exposes-networking-devices/ | GBHackers
ORB Networks Leverages Compromised IoT Devices and SOHO Routers to Mask Cyberattacks
Advanced threat actors use Operational Relay Box (ORB) networks to hide the true origin of their cyberattacks. These networks blend malicious traffic with legitimate user activity.
https://gbhackers.com/iot-devices-and-soho-routers/ | GBHackers
Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support
North Korea-linked threat actor UNC2970 is using the generative artificial intelligence model Gemini to conduct reconnaissance on targets. This is part of a broader trend of threat actors leveraging AI.
https://thehackernews.com/2026/02/google-reports-state-backed-hackers.html | The Hacker News
HPE Aruba Networking Vulnerability Allows Privilege Escalation and DoS Attacks
Hewlett Packard Enterprise (HPE) has disclosed critical flaws in its Aruba Networking Private 5G Core software. These issues allow remote attackers to escalate privileges and launch denial-of-service attacks.
https://cyberpress.org/hpe-aruba-networking-vulnerability/ | CyberPress
Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems
Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group.
https://thehackernews.com/2026/02/lazarus-campaign-plants-malicious.html | The Hacker News
$44 “Evilmouse” Can Autonomously Execute Commands and Compromise Systems
Security researcher NEWO-J has unveiled “EvilMouse,” a fully functional USB mouse that doubles as a covert keystroke injector. Priced at under $44 in parts, this device can autonomously deliver payloads upon connection.
https://cyberpress.org/44-evilmouse-can-autonomously-execute-commands-and-compromise-systems/ | CyberPress
Critical BeyondTrust RCE flaw now exploited in attacks, patch now
A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online.
https://www.bleepingcomputer.com/news/security/critical-beyondtrust-rce-flaw-now-exploited-in-attacks-patch-now/ | BleepingComputer
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.