Security Bits – 15 February 2026

Feedback & Followups

• Both a good reminder that it’s important to be careful where you get your software from, and an illustration of how the residential proxy networks we recently talked about are built: Laced 7-Zip installers turn home PCs into residential proxy nodes — cyberinsider.com/…
• A double-reminder, beware of both browser extensions and AI things from sources that have not earned a good reputation: Fake AI Chrome extensions with 300K users steal credentials, emails — www.bleepingcomputer.com/…

Deep Dive(s)

❗ Action Alerts

• Apple Patches Everything: February 2026 – SANS ISC — isc.sans.edu/… (OS26.3)
  • macOS Sequoia 15.7.4 and Sonoma 14.8.4 Now Available for Older Macs — www.macobserver.com/…
  • iOS 18.7.5 and iPadOS 18.7.5 Now Available for Older iPhones and iPads — www.macobserver.com/…
  • Apple fixes zero-day flaw used in ‘extremely sophisticated’ attacks — www.bleepingcomputer.com/…
  • 🇦🇺 Apple released iOS 16.7.14 to fix a serious problem that blocked emergency calls on iPhone 8 and iPhone X in Australia — www.macobserver.com/…
  • Apple Releases macOS 11.7.11 and watchOS 10.6.2 Updates for Older Devices — www.macobserver.com/…
  • Apple’s Certificate-Extension Updates Continue for Older Operating Systems — tidbits.com/… (Original update-verifying certs expiring, unless they get updates no potential future emergency updates for these legacy OSes will install
• Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws — www.bleepingcomputer.com/…
  • Microsoft rolls out new Secure Boot certificates before June expiration — www.bleepingcomputer.com/… (Very important to get these updates before June!)
  • If you’re on Windows 10 and you don’t get an update, you are now missing critical fixes: Microsoft releases Windows 10 KB5075912 extended security update — www.bleepingcomputer.com/…

Worthy Warnings

• ⚠️ Apple Users: Apple users are being targeted by a coordinated Apple Pay phishing campaign — appleinsider.com/…
  • “The phishing emails typically impersonate Apple billing or fraud teams and warn of a high dollar Apple Pay purchase at a physical Apple Store. They often include a case ID, timestamp, and technical sounding details to appear legitimate.mThe messages tell you to call a number right away or show up for an appointment to fix a problem.”
• Windows Users: Never trust an LNK (shortcut) file you didn’t create yourself – a security researcher has demonstrated new and interesting ways to booby-trap these files, and Microsoft are no rushing out fixes — www.bleepingcomputer.com/…

Notable News

• DuckDuckGo launches privacy-focused real-time AI voice chat — cyberinsider.com/…
• Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries — thehackernews.com/…
• Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models — thehackernews.com/…

Interesting Insights

• The story that Meta has a backdoor into end-to-end-encrypted WhatsApp private messages as almost certainly not true: Cryptography expert dissects the WhatsApp encryption controversy — cyberinsider.com/…

• From Bart: 🎧 A pair of excellent and relevant podcast episodes:
  • Business History: How a Bad Boss Kickstarted Silicon Valley — overcast.fm/… (From a relatively new podcast I’ve become very fond of — Business History — www.pushkin.fm/…)
  • Planet Money: How the sewing machine got us … software — www.npr.org/… (Explains patent terms that come up a lot when covering Apple news like FRAND, and also tells the story of the venerable MPEG format)
• From Allison: 🎦 I know your password! 💻😅 – YouTube — youtube.com/… (from ZKARJ in the NosillaCastaway slack, features the British comedian Michael McIntyre who Bart really likes)

Legend

When the textual description of a link is part of the link, it is the title of the page being linked to, when the text describing a link is not part of the link, it is a description written by Bart.

Emoji	Meaning
🎧	A link to audio content, probably a podcast.
❗	A call to action.
flag	The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country.
📊	A link to graphical content, probably a chart, graph, or diagram.
🧯	A story that has been over-hyped in the media, or, “no need to light your hair on fire” 🙂
💵	A link to an article behind a paywall.
📌	A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future.
🎩	A tip of the hat to thank a member of the community for bringing the story to our attention.
🎦	A link to video content.
📌	A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future.
🎩	A tip of the hat to thank a member of the community for bringing the story to our attention.
🎦	A link to video content.