Patch Tuesday notes: Microsoft addresses six actively exploited zero-days.

Summary

By the CyberWire staff

Patch Tuesday notes: Microsoft addresses six actively exploited zero-days.

Microsoft yesterday issued fixes for 58 vulnerabilities, including six actively exploited zero-days, BleepingComputer reports. The zero-days affect Windows Shell, MSHTML, Microsoft Word, Windows Remote Desktop Services, the Desktop Window Manager, and the Windows Remote Access Connection Manager.

Adobe released patches for dozens of flaws across its product line, including Audition, After Effects, InDesign, Bridge, Lightroom Classic, Substance 3D apps, and the DNG SDK, according to BeyondMachines.

SecurityWeek notes that Intel and AMD have addressed more than 80 vulnerabilities across their products, including several serious flaws affecting Intel's Trust Domain Extensions (TDX).

SecurityWeek also has a summary of patches from industrial vendors, including Siemens, Schneider Electric, Aveva, and Phoenix Contact.

Meter: the end-to-end, secure enterprise network

Fragmented networks create security blind spots that are hard to patch. Meter takes a different approach, with an integrated enterprise networking architecture designed for security at the core, the edge, and everywhere in between. Learn how Meter protects every site by default at meter.com/security.

LummaStealer activity surges alongside CastleLoader.

Bitdefender has observed a surge in LummaStealer malware-as-a-service activity following widespread law enforcement disruption efforts over the past year. The malware is delivered via social engineering, and uses the CastleLoader malware loader as a delivery mechanism. The researchers say CastleLoader's "modular, in-memory execution model, extensive obfuscation, and flexible command-and-control communication make it well-suited to malware distribution of this scale."

Bitdefender notes infrastructure overlaps between LummaStealer and CastleLoader, indicating that the two malware families are coordinating or using the same service providers. The researchers explain, "This overlap is consistent with the reuse of domain registrations or hosting resources across multiple malware families, further highlighting the close operational relationship between CastleLoader and LummaStealer delivery activity."

Secure enterprise AI with Glean and Palo Alto Networks, live on Feb 26

Security leaders are under pressure to move fast on AI while keeping firm control over risk. On February 26 at 10:30 AM PT, join security leaders from Glean and Palo Alto Networks for a live fireside chat on securing enterprise AI. Learn what to secure across the AI lifecycle—from models and data to agents—and the practical guardrails Security should own to reduce risk without slowing the business.

North Korean hackers use social engineering and malware to target the crypto sector.

Mandiant says a North Korean threat actor tracked as "UNC1069" is using a combination of social engineering techniques alongside seven unique malware families to target the cryptocurrency and DeFi sectors. In one incident observed by Mandiant, the attackers "relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported usage of AI-generated video to deceive the victim."

The researchers add, "The volume of tooling deployed on a single host indicates a highly determined effort to harvest credentials, browser data, and session tokens to facilitate financial theft. While UNC1069 typically targets cryptocurrency startups, software developers, and venture capital firms, the deployment of multiple new malware families alongside the known downloader SUGARLOADER marks a significant expansion in their capabilities."

Experience the Power of Community at RSAC 2026 Conference

RSAC™ 2026 Conference returns to San Francisco March 23–26, bringing together the global cybersecurity community for four days of expert insights, hands-on learning, and breakthrough innovation. Join thousands of practitioners, executives, and innovators as they tackle today’s toughest challenges and explore solutions shaping tomorrow. From cutting-edge ideas to immersive programs and vibrant networking, this is where meaningful progress happens. Register today and be part of the conversations driving cybersecurity forward.

Business News: Sophos acquires London-based Arco Cyber.

UK-headquartered cybersecurity firm Sophos has acquired London-based cybersecurity assurance provider Arco Cyber. Sophos stated, "Arco Cyber will join Sophos as a dedicated team to advance Sophos CISO Advantage. Its technology and expertise will be integrated into Sophos Central, the platform which delivers Sophos’ broader ecosystem including advisory services, managed detection and response (MDR), and partner-delivered services that enable MSPs and MSSPs to scale cybersecurity strategy for their customers."

Notes.

Today's issue includes events affecting the Democratic People's Republic of Korea, the United Kingdom, and the United States.

Attacks, Threats, and Vulnerabilities

Notepad's new Markdown powers served with a side of RCE (The Register) : Smug faces across all those who opposed the WordPad-ification of Microsoft's humble text editor

Marketplace

EU Unconditionally Approves Google’s $32B Acquisition of Wiz (SecurityWeek) The European Commission’s ruling is based on extensive feedback from customers and rival cloud security and infrastructure vendors.

Legislation, Policy, and Regulation

White House to meet with GOP lawmakers on FISA Section 702 renewal (The Record) “The president, several of his top advisers, and lawmakers will be participating in a discussion at the White House today about FISA Section 702 renewal,” a senior White House official said.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

Wild West Hackin’ Fest @ Mile High 2026 (Denver, Colorado, USA, Feb 11 - 13, 2026) More than just a conference, Wild West Hackin’ Fest (WWHF) is committed to offering high quality information security education to beginners and seasoned professionals alike. With reasonably priced training, conferences, hands-on labs, and workshops, WWHF lowers the barrier to entry for those seeking to enter into the world of information security. WWHF also offers a venue for those already established in the industry to share ideas, give back, and continue learning.

New York Cybersecurity Summit (New York City, Feb 25, 2026) Maximize your networking opportunities by meeting with fellow industry executives and leading security experts at the upcoming 17th Edition of the New York Official Cybersecurity Summit on Wednesday, February 25, 2026. Secure your admission now! Use Code CSS26-CRA before February 12 for Free Admission.*

AI SOC Summit (Tysons, Virginia, USA, Mar 3, 2026) For Security Teams who use AI and defend AI deployments: There is a lot of AI hype for Sec Ops. Come hang out as early adopters of AI dive into the good, the bad and the ugly . No vendor pitches, no AI theory. If you are trying out AI products for Sec Ops or building them in house, this is the place for you.

RSAC 2026 (San Francisco, California, USA, Mar 23 - 26, 2026) Ideas become breakthroughs when shared. Challenges become opportunities when tackled together. That’s the Power of Community—a key focus for RSAC™ 2026 Conference. Real change happens when cybersecurity professionals unite.

Wicked6 Cyber Games (Virtual, Mar 27 - 29, 2026) The premier global event spotlighting WOMEN in Cyber and Tech through exciting, team-based cyber competitions, mentorship, and community engagement. Our virtual, global "Hack and Chat" inspires and empowers women in cybersecurity from over 40 countries across six continents and there's lots of excitement building behind this year's theme. Your investment will enable women from across the globe to meet, learn from each other, play cyber games together and compete in a quality Attack and Defend competition.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 02.11.26

Top stories.

Patch Tuesday notes: Microsoft addresses six actively exploited zero-days.

LummaStealer activity surges alongside CastleLoader.

North Korean hackers use social engineering and malware to target the crypto sector.

Business News: Sophos acquires London-based Arco Cyber.

Notes.

Attacks, Threats, and Vulnerabilities

Marketplace

Legislation, Policy, and Regulation

Events