CCTR.7.FEB.26

Monday morning cyber coffee read CCTR.7.FEB.26.

Over the last weekend, I was talking with a mate about economical camera solutions. We were discussing camera deals at Officeworks. Last week TP-Link released fixes for multiple vulnerabilities affecting the TP-Link Tapo C260 camera, including a Remote Code Execution vulnerability exploitable by a guest user.

Consumer IoT devices are widely deployed in homes with little oversight and infrequent patching, creating trusted entry points that attackers can exploit for unauthorised access, surveillance, and network pivoting.

  • Segment IoT devices away from your home and work systems

  • Audit home IoT inventory, update firmware on affected IoT devices and remove any devices no longer supported

https://www.tp-link.com/us/support/faq/4960/

Cisco Talos has identified a new Chinese threat actor, UAT-9921, leveraging VoidLink in campaigns targeting Linux-based systems. While VoidLink primarily targets Linux, there are also indications of Windows implants. The actor leverages VoidLink, a modular implant framework whose design points toward the foundations of AI-enabled attack frameworks. VoidLink appears to be a near production-ready proof of concept for an enterprise-grade implant management framework, featuring auditability and oversight mechanisms for non-operator roles.

Recently, I have been working more in specialised Linux-based environments supporting critical infrastructure, which are increasingly targeted by Chinese threat actors with expertise in bespoke systems. I have seen strong EDR coverage across corporate Windows environments, but significantly weaker visibility and detection in Linux-based environments.

  • For critical infrastructure operators, a Windows-first threat model is no longer sufficient.

  • If your cyber strategy assumes attackers primarily target Windows, it is time to rethink your approach.

https://blog.talosintelligence.com/voidlink/

BeyondTrust has disclosed active exploitation of a critical pre-authentication remote code execution vulnerability (CVE-2026-1731) affecting its Remote Support and Privileged Remote Access products. Successful exploitation can result in full system compromise.

  • Self-hosted customers should patch immediately.

  • If an instance was internet-facing and unpatched as of 9 February 2026, assume compromise and start hunting.

https://securityaffairs.com/187776/security/beyondtrust-fixes-critical-pre-auth-bug-allowing-remote-code-execution.html