{"id":35428,"date":"2026-02-15T12:49:44","date_gmt":"2026-02-15T20:49:44","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=35428"},"modified":"2026-02-19T16:09:22","modified_gmt":"2026-02-20T00:09:22","slug":"sb-2026-02-15","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2026\/02\/sb-2026-02-15\/","title":{"rendered":"Security Bits &#8211; 15 February 2026"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>Both a good reminder that it&#8217;s important to be careful where you get your software from, and an illustration of how the residential proxy networks we recently talked about are built: <a href=\"https:\/\/cyberinsider.com\/laced-7-zip-installers-turn-home-pcs-into-residential-proxy-nodes\/\">Laced 7-Zip installers turn home PCs into residential proxy nodes \u2014 cyberinsider.com\/\u2026<\/a><\/li>\n<li>A double-reminder, beware of both browser extensions and AI things from sources that have not earned a good reputation: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fake-ai-chrome-extensions-with-300k-users-steal-credentials-emails\/\">Fake AI Chrome extensions with 300K users steal credentials, emails \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Deep Dive(s)<\/h2>\n<h2>\u2757 Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you, there is some action you should take.<\/aside>\n<ul>\n<li><a href=\"https:\/\/isc.sans.edu\/diary\/rss\/32706\">Apple Patches Everything: February 2026 &#8211; SANS ISC \u2014 isc.sans.edu\/\u2026<\/a> (\uf8ffOS26.3)\n<ul>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/macos-sequoia-15-7-4-and-sonoma-14-8-4-now-available-for-older-macs\/\">macOS Sequoia 15.7.4 and Sonoma 14.8.4 Now Available for Older Macs \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/ios-18-7-5-and-ipados-18-7-5-now-available-for-older-iphones-and-ipads\/\">iOS 18.7.5 and iPadOS 18.7.5 Now Available for Older iPhones and iPads \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/apple-fixes-zero-day-flaw-used-in-extremely-sophisticated-attacks\/\">Apple fixes zero-day flaw used in &#8216;extremely sophisticated&#8217; attacks \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>\ud83c\udde6\ud83c\uddfa Apple released iOS 16.7.14 to fix a serious problem that blocked emergency calls on iPhone 8 and iPhone X in Australia \u2014 <a href=\"https:\/\/www.macobserver.com\/news\/apple-updates-iphone-8-and-iphone-x-with-ios-16-7-14-after-call-bug\/\">www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/apple-releases-macos-11-7-11-and-watchos-10-6-2-updates-for-older-devices\/\">Apple Releases macOS 11.7.11 and watchOS 10.6.2 Updates for Older Devices \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/tidbits.com\/2026\/02\/03\/apples-certificate-extension-updates-continue-for-older-operating-systems\/\">Apple\u2019s Certificate-Extension Updates Continue for Older Operating Systems \u2014 tidbits.com\/\u2026<\/a> (Original update-verifying certs expiring, unless they get updates no potential future emergency updates for these legacy OSes will install<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-february-2026-patch-tuesday-fixes-6-zero-days-58-flaws\/\">Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-rolls-out-new-secure-boot-certificates-before-june-expiration\/\">Microsoft rolls out new Secure Boot certificates before June expiration \u2014 www.bleepingcomputer.com\/\u2026<\/a> (Very important to get these updates before June!)<\/li>\n<li>If you&#8217;re on Windows 10 and you don&#8217;t get an update, you are now missing critical fixes: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-releases-windows-10-kb5075912-extended-security-update\/\">Microsoft releases Windows 10 KB5075912 extended security update \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li>\u26a0\ufe0f <strong>Apple Users:<\/strong> <a href=\"https:\/\/appleinsider.com\/articles\/26\/02\/03\/apple-users-are-being-targeted-by-a-coordinated-apple-pay-phishing-campaign\">Apple users are being targeted by a coordinated Apple Pay phishing campaign \u2014 appleinsider.com\/\u2026<\/a>\n<ul>\n<li><em>&#8220;The phishing emails typically impersonate Apple billing or fraud teams and warn of a high dollar Apple Pay purchase at a physical Apple Store. They often include a case ID, timestamp, and technical sounding details to appear legitimate.mThe messages tell you to call a number right away or show up for an appointment to fix a problem.&#8221;<\/em><\/li>\n<\/ul>\n<\/li>\n<li><strong>Windows Users:<\/strong> Never trust an LNK (shortcut) file you didn&#8217;t create yourself \u2013 a security researcher has demonstrated new and interesting ways to booby-trap these files, and Microsoft are no rushing out fixes \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-new-windows-lnk-spoofing-issues-arent-vulnerabilities\/\">www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li><a href=\"https:\/\/cyberinsider.com\/duckduckgo-launches-privacy-focused-real-time-ai-voice-chat\/\">DuckDuckGo launches privacy-focused real-time AI voice chat \u2014 cyberinsider.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/thehackernews.com\/2026\/02\/claude-opus-46-finds-500-high-severity.html\">Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/thehackernews.com\/2026\/02\/microsoft-develops-scanner-to-detect.html\">Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li>The story that Meta has a backdoor into end-to-end-encrypted WhatsApp private messages as almost certainly not true: <a href=\"https:\/\/cyberinsider.com\/cryptography-expert-dissects-the-whatsapp-encryption-controversy\/\">Cryptography expert dissects the WhatsApp encryption controversy \u2014 cyberinsider.com\/\u2026<\/a><\/li>\n<\/ul>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li><strong>From Bart:<\/strong> \ud83c\udfa7 A pair of excellent and relevant podcast episodes:\n<ul>\n<li><a href=\"https:\/\/overcast.fm\/+ABSZV2kh0gw\">Business History: How a Bad Boss Kickstarted Silicon Valley \u2014 overcast.fm\/\u2026<\/a> (From a relatively new podcast I&#8217;ve become very fond of \u2014 <a href=\"https:\/\/www.pushkin.fm\/podcasts\/business-history\">Business History \u2014 www.pushkin.fm\/\u2026<\/a>)<\/li>\n<li><a href=\"https:\/\/www.npr.org\/2026\/02\/11\/nx-s1-5707856\/singer-sewing-machine-patent-pool-antitrust-mpeg\">Planet Money: How the sewing machine got us \u2026 software \u2014 www.npr.org\/\u2026<\/a> (Explains patent terms that come up a lot when covering Apple news like FRAND, and also tells the story of the venerable MPEG format)<\/li>\n<\/ul>\n<\/li>\n<li><strong>From Allison:<\/strong> \ud83c\udfa6 <a href=\"https:\/\/youtube.com\/shorts\/FzV1pWYk34c?is=7UwMJWUZyaT4CBcH\">I know your password! \ud83d\udcbb\ud83d\ude05 &#8211; YouTube \u2014 youtube.com\/\u2026<\/a> (from ZKARJ in the <a href=\"https:\/\/podfeet.com\/slack\">NosillaCastaway slack<\/a>, features the British comedian Michael McIntyre who Bart really likes)<\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link, it is the title of the page being linked to, when the text describing a link is not part of the link, it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">\ud83c\udfa7<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\u2757<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcca<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83e\uddef<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> \ud83d\ude42<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcb5<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udccc<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa9<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa6<\/td>\n<td align=\"left\">A link to <strong>video content<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udccc<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa9<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa6<\/td>\n<td align=\"left\">A link to <strong>video content<\/strong>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. Both a good reminder that it&#8217;s important to be careful where you get your software from, and an illustration of how the residential proxy networks we recently talked about are built: Laced 7-Zip installers [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[2060,50,569],"class_list":["post-35428","post","type-post","status-publish","format-standard","hentry","category-blog-posts","category-security-bits","tag-malware","tag-security","tag-security-bits"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/35428","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=35428"}],"version-history":[{"count":3,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/35428\/revisions"}],"predecessor-version":[{"id":35434,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/35428\/revisions\/35434"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=35428"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=35428"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=35428"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}