Apple Patches Actively Exploited Zero-Day Across Devices

Apple Inc. has released urgent security updates to fix an actively exploited zero-day, CVE-2026-20700, a memory corruption flaw enabling arbitrary code execution. The bug affects versions prior to iOS/iPadOS 26.3, macOS Tahoe 26.3, watchOS 26.3, tvOS 26.3, and visionOS 26.3, and was chained with CVE-2025-14174 and CVE-2025-43529 (patched December 2025) against pre-iOS 26 devices.

Updates span iPhone 11+, supported iPads, Macs (Tahoe, Sequoia, Sonoma), Apple Watch Series 6+, Apple TV HD/4K, Apple Vision Pro, and Safari (via macOS). Apple urges immediate upgrades—especially to iOS 26.3—plus enabling Automatic Updates and Lockdown Mode for high-risk users.

More via Malwarebytes

Montreal Fake ID Lab Busted, Thousands of Identities Stolen

The Sûreté du Québec arrested three men linked to a Montreal lab that allegedly produced high-quality counterfeit IDs and credit cards using 2,400 stolen identities, alerting 1,900 victims. Evens Emile, 42, and Ralph-Isai Labady, 34, were arrested Tuesday in Repentigny and Laval, while a 27-year-old man was detained in Montreal. All face charges of producing false documents and possessing others’ personal information and will appear by videoconference at the Joliette courthouse.

A March 21, 2025 raid on Chabanel Street recovered nearly 1,000 forged driver’s licences, Canadian residence cards, RAMQ cards, debit and credit cards, and social insurance cards, along with embossing and punching machines, a laser engraver, printers, a laminator, blank cards, and holograms. Authorities said the counterfeits were difficult to detect and sold for $250–$300 within 24–48 hours. The investigation, supported by a forensic science lab, began last February, and police say the main suspect had operated since 2019.

More via CP24

Microsoft 365 Copilot Bug Summarizes Confidential Emails

A bug in Microsoft 365 Copilot has been summarizing confidential emails since January 21, 2026, bypassing DLP policies. Tracked as CW1226324, it affects the Copilot “work tab” chat, reading messages in Sent Items and Drafts, including those with confidentiality labels.

Copilot Chat, available in Word, Excel, PowerPoint, Outlook, and OneNote for Microsoft 365 business customers since September 2025, was impacted. Microsoft attributed the issue to a code error, began deploying a fix in early February, and is monitoring results. No final remediation timeline or total affected users have been disclosed.

More via Bleeping Computer

U.S. Law Firm Sues Lenovo Over Data Transfers to China

Almeida Law Group has sued Lenovo on behalf of Spencer Christy and others, alleging violations of DOJ Data Security Program rules designed to prevent China from accessing bulk U.S. behavioral data. The complaint cites Lenovo’s website trackers—including TikTok, Facebook, Microsoft, and Google—that collect sensitive data from 100,000+ Americans, including financial, government, device, and advertising identifiers.

The lawsuit claims Lenovo allows access by its Chinese-controlled parent, Lenovo Group, enabling dossiers on U.S. residents and targeting individuals in sensitive roles such as jurists, military personnel, journalists, politicians, and dissidents.

More via The Register

Elsewhere Online:

New SSA Impersonation Campaign Disables Windows Security Features to Gain Control
Read: https://hackread.com/hackers-screenconnect-hijack-pcs-fake-social-security-emails/

Security Risks Prompt European Parliament to Ban AI Tools on Official Devices
Read: https://techcrunch.com/2026/02/17/european-parliament-blocks-ai-on-lawmakers-devices-citing-security-risks/

Massive Security Gaps Found in Popular VS Code Extensions with 125 Million Installs
Read: https://thehackernews.com/2026/02/critical-flaws-found-in-four-vs-code.html

New Cryptojacking Campaign Uses Pirated Software to Deploy Stealthy Miners
Read: https://www.infosecurity-magazine.com/news/cryptojacking-driver-boost-monero/

Data Exfiltration Risks Mitigated as Foxit and Apryse Fix Over a Dozen Vulnerabilities
Read: https://www.securityweek.com/vulnerabilities-in-popular-pdf-platforms-allowed-account-takeover-data-exfiltration/

Previously on #AxisOfEasy