Security Bits – 15 February 2026

Fake Software & Residential Proxy Malware

One of the major concerns discussed was the distribution of fake versions of legitimate software, specifically 7-Zip, through look-alike websites. Attackers are creating websites that closely resemble the official source and distributing malware disguised as the legitimate application. When users download from these spoofed domains, they are not installing a harmless compression tool but instead infecting their systems.

The malicious software enrolls infected devices into residential proxy networks. This means the victim’s home internet connection is quietly converted into part of a criminal infrastructure. Residential proxies are highly valuable to attackers because they originate from legitimate household IP addresses, making malicious traffic far harder to detect or block. Criminals can use these networks for fraud, scraping, credential stuffing, or bypassing geographic restrictions. In effect, an unsuspecting user’s home becomes a relay point for illicit activity.

This reinforces a fundamental security principle that has been true for years: software must always be downloaded directly from its official source. Search engine results, especially paid ads or manipulated rankings, frequently elevate malicious look-alike sites above legitimate ones. A simple misclick can lead to serious consequences.

 

Malicious AI Browser Extensions

Another serious issue involves fake AI-themed browser extensions that have already stolen approximately 300,000 login credentials. Attackers are capitalizing on the popularity of artificial intelligence by creating extensions that promise enhanced AI features. Many users assume that browser extensions are lightweight or harmless, but in reality they can have extensive access to browsing activity.

Browser extensions often have permission to read and modify all web pages visited, access form data, capture login credentials, and monitor session cookies. A malicious extension can harvest usernames and passwords as they are typed, steal authentication cookies, and inject scripts into browsing sessions. The scale of 300,000 stolen credentials suggests automated, large-scale harvesting rather than isolated incidents.

The key takeaway is that extensions should be installed sparingly and only from well-established publishers. Users should carefully review the publisher’s identity and evaluate whether the extension is truly necessary before granting it broad permissions within their browser.

Apple Update Alerts & Zero-Day Exploits

Apple recently released updates that included a fix for a zero-day vulnerability. A zero-day is a flaw already being exploited in the wild before a patch is publicly available. These vulnerabilities are often used first against high-profile targets, which Apple signals with its customary phrasing that the issue was used in “limited attacks.” Once a patch is released, however, attackers may attempt to use the exploit more broadly before users update.

Many users delay installing updates that appear minor, such as version 26.3, because they do not seem to include major feature additions. However, smaller updates often contain critical security fixes. These updates are usually quick to install and require minimal effort, yet delaying them increases exposure to risk.

Apple also backported security fixes to older systems, including iOS 18.7.5 and iOS 16.7.14, the latter addressing an emergency services calling bug affecting some Australian users. Additionally, updates to macOS 11.7 and watchOS 10.2 addressed expiring digital certificates. These backports demonstrate continued support for older systems and ensure that devices remain patchable if emergency fixes are required in the future.

Expiring Certificates (Apple & Microsoft)

Both Apple and Microsoft are issuing updates related to expiring digital certificates. Digital certificates verify the authenticity of software updates and secure boot processes. If certificates expire without renewal, devices may be unable to validate updates or boot securely.

On Windows systems, expiring Secure Boot certificates pose particular concern. Secure Boot protects against unauthorized modifications to a system during startup, which is especially important in corporate environments where devices may travel and be physically accessible to others. If these certificates are not updated, systems may either refuse to boot securely or fail compliance requirements in enterprise settings.

Certificate updates often go unnoticed by users, yet they are foundational to maintaining long-term system integrity. Security infrastructure is largely invisible until it fails, which is why proactive updates are critical.

Microsoft Patch Tuesday – 58 Flaws, 6 Zero-Days

Microsoft’s Patch Tuesday addressed 58 vulnerabilities, including six zero-day exploits. Although the total number of flaws is smaller than some previous patch cycles, the presence of multiple zero-days makes the update particularly urgent.

Windows 10 users who did not receive patches may not be enrolled in extended support. Without extended support, critical fixes are no longer delivered, leaving systems exposed. Users must either subscribe to extended support, upgrade to Windows 11, or consider alternative operating systems to remain secure.

Even relatively small patch cycles can contain high-severity vulnerabilities, reinforcing the importance of consistent update habits.

 

Apple Phishing Campaign

An active phishing campaign is targeting Apple users by impersonating Apple billing or fraud notifications. These emails typically claim that a high-value Apple Pay transaction has occurred at a physical store and include details such as case IDs and timestamps to appear legitimate.

The message urges recipients to call a phone number immediately. The number provided, however, connects to scammers rather than Apple. The goal is to create fear and urgency so that victims act without verifying the contact information independently.

This type of social engineering exploits human psychology rather than software vulnerabilities. Even fully patched systems cannot prevent a user from calling a fraudulent number if fear overrides caution. The safest approach is to independently look up official support numbers rather than trusting contact information provided in unsolicited messages.

 

Windows Shortcut (.LNK) Abuse

Security researchers have demonstrated new ways to abuse Windows shortcut files, which use the .LNK extension. A malicious shortcut can appear to open a legitimate document, such as a PDF, while simultaneously executing hidden malware in the background. Attackers embed instructions within metadata fields that are not visible to the average user.

Although this attack requires user interaction, it remains concerning because interacting with shortcut files is common. Microsoft has not classified this as urgent enough for immediate remediation, which has generated frustration among security professionals.

The practical defense is simple: shortcuts that were not personally created should not be trusted, particularly if they originate from external sources.
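As an added illustration, not code from the original post, here is a small Python reader for the StringData fields of a .LNK file (the target path, command-line arguments and icon location that Explorer never shows), written from the public MS-SHLLINK layout. The shortcut it inspects is constructed inline, and the target and argument values in it are placeholders.

```python
import struct

# LinkFlags bits from the MS-SHLLINK specification
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]
DOC_EXT = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt")

def parse_lnk(data: bytes) -> dict:
    """Extract the StringData fields of a shell link; Explorer shows none of these."""
    header_size, = struct.unpack_from("<I", data, 0)
    if header_size != 0x4C:
        raise ValueError("not a shell link: bad HeaderSize")
    flags, = struct.unpack_from("<I", data, 20)      # LinkFlags follows the 16-byte CLSID
    pos = header_size
    if flags & HAS_ID_LIST:                          # skip the LinkTargetIDList block
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                        # skip the LinkInfo block
        pos += struct.unpack_from("<I", data, pos)[0]
    fields, width = {}, (2 if flags & IS_UNICODE else 1)
    for bit, name in STRING_FIELDS:                  # each entry: CountCharacters + chars
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            raw = data[pos + 2:pos + 2 + count * width]
            fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252")
            pos += 2 + count * width
    return fields

def review_shortcut(data: bytes) -> list:
    """Findings a defender would want before opening a shortcut someone sent."""
    f = parse_lnk(data)
    target = f.get("relative_path", "").lower()
    icon = f.get("icon_location", "").lower()
    findings = []
    if f.get("arguments"):
        findings.append(f"hidden command-line arguments: {f['arguments']!r}")
    if icon.endswith(DOC_EXT) and target.endswith(".exe"):
        findings.append(f"document icon {icon!r} but target is executable {target!r}")
    return findings

def build_sample() -> bytes:
    """Constructed sample .LNK (placeholder names, not a real-world file)."""
    def s(text):  # one UTF-16LE StringData entry
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")
    clsid = bytes.fromhex("0114020000000000c000000000000046")
    flags = 0x08 | 0x20 | 0x40 | IS_UNICODE  # relative_path, arguments, icon_location
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, clsid, flags, 0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    return header + s("..\\HIDDEN_LOADER.exe") + s("--quiet") + s("C:\\Users\\me\\invoice.pdf")
```

Real shortcuts usually carry their target in the LinkTargetIDList block, which this reader skips rather than decodes, so treat it as a map of where the hidden fields live rather than a complete parser.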

Privacy-Focused AI (DuckDuckGo)

DuckDuckGo has introduced a privacy-focused AI voice chat service as an alternative to data-harvesting AI platforms. Many AI tools are offered free of charge but monetize user data, interaction patterns, and behavioral information.

Users often disclose highly personal information to AI systems because they feel comfortable and not judged. Conducting SWOT analyses or discussing vulnerabilities can reveal behavioral patterns that, if stored or leaked, become valuable data points. Privacy-focused AI services aim to minimize or eliminate data retention and tracking.

The broader lesson is that AI conversations can be deeply revealing, and users should consider how that data is stored and monetized.

 

AI Used for Security (Claude & Microsoft)

Artificial intelligence is also being used defensively. Claude Opus 4.6 was tested against open-source libraries and identified over 500 vulnerabilities, improving the security of widely used software. This represents AI being used to strengthen infrastructure rather than exploit it.

Microsoft has developed a scanner to detect potential backdoors in open-weight large language models. Open-weight models share their trained parameters but do not disclose full training data. Because these models are opaque, scanning tools are necessary to detect hidden malicious behaviors.

The emerging landscape increasingly involves AI systems auditing other AI systems, creating an ecosystem of automated defensive mechanisms.

Meta Encryption Lawsuit Skepticism

A lawsuit has been filed alleging that Meta maintains a backdoor into encrypted messages, but no evidence has been presented. Filing a lawsuit does not constitute proof, and extraordinary claims require substantial evidence.

Security literacy requires distinguishing between allegations, verified findings, and judicial rulings. Media amplification of claims does not equate to technical validation. Skepticism is warranted until credible evidence emerges.

Business & Security Podcast Recommendations

Two recommended podcast episodes explore the historical and economic foundations of modern technology. The Business History episode titled “How a Bad Boss Kickstarted Silicon Valley” examines how human capital, rather than physical geography, led to the rise of Silicon Valley. The concentration of semiconductor expertise resulted from talent networks and leadership dynamics rather than access to sand or natural resources.

The Planet Money episode “How the Sewing Machine Got Us Software” explores patent law, FRAND licensing, and how intellectual property frameworks shaped modern software ecosystems. These historical structures influence standards such as 5G and help explain how shared technologies can exist without becoming monopolistic cartels.

Together, these discussions highlight that modern cybersecurity and technology are deeply intertwined with business history, economic incentives, and legal frameworks.

 

Feedback & Followups

Deep Dive(s)

❗ Action Alerts

Worthy Warnings

  • ⚠️ Apple Users: Apple users are being targeted by a coordinated Apple Pay phishing campaign — appleinsider.com/…
    • “The phishing emails typically impersonate Apple billing or fraud teams and warn of a high dollar Apple Pay purchase at a physical Apple Store. They often include a case ID, timestamp, and technical sounding details to appear legitimate. The messages tell you to call a number right away or show up for an appointment to fix a problem.”
  • Windows Users: Never trust an LNK (shortcut) file you didn’t create yourself – a security researcher has demonstrated new and interesting ways to booby-trap these files, and Microsoft are not rushing out fixes — www.bleepingcomputer.com/…

Notable News

Interesting Insights

Palate Cleansers

Legend

When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by Bart.
