Threat Attack Update - February 12th, 2026

https://darkwebinformer.com/threat-attack-update-february-12th-2026/

‼️🇺🇸 A threat actor is selling an alleged critical severity OpenSea 0-day exploit chain for $100,000 USD (BTC/XMR).

The threat actor claims the exploit affects OpenSea's Seaport order validation logic on Ethereum Main Net, Polygon, and Blast, enabling forced transfer of high-value NFTs at 0 ETH, bypassing listing approvals, and working on both active and inactive listings.

The seller claims the vulnerability is unpatched and undisclosed.

Ransomware Attack Update - February 12th, 2026

https://darkwebinformer.com/ransomware-attack-update-february-12th-2026/

‼️ CISA added one more vulnerability to the KEV Catalog today...

CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability: SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality.

‼️ CISA has added 3 vulnerabilities to the KEV Catalog

CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.

CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.

CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.

‼️New Forum: TierOne a/k/a T1erOne

jprrin6bqe3flvtpyxkt4zsmzc3u6vvn7ahgtcbul224w3xn4h3gawid[.]onion

t1eron3[.]vip

Credit: @club31337

💥 Ransomware Decryptor Database: A free searchable database of 150+ ransomware decryption tools.

Search by name, file extension, or vendor. Mostly sourced from the No More Ransom Project.

https://darkwebinformer.com/ransomware-decryptor-database/

Source links go to the vendor's decryptor page, not direct downloads.

If you know of a link to a guide/decryptor source that isn't listed/missing. Let me know and I will verify and add it.

‼️ Dutch Police Arrest Third Suspect in JokerOTP Cybercrime Investigation

https://www.politie.nl/nieuws/2026/februari/10/verdachte-aangehouden-in-cyberonderzoek.html

On 10 February 2026, Dutch police arrested a 21-year-old man from Dordrecht as part of an ongoing cybercrime investigation led by Team Cybercrime East Brabant, marking the third arrest in the case.

The suspect is accused of selling the so-called “JokerOTP” bot via a Telegram account and possessing license keys for the software, which was allegedly used by criminals to intercept one-time passwords (OTPs).

Earlier arrests in April and August 2025 targeted the developer and co-developer of the tool. According to authorities, the bot enabled attackers to automate phone calls to victims, impersonate legitimate organizations, and trick individuals into entering temporary authentication codes, allowing criminals to bypass two-factor authentication and compromise accounts.

Police say dozens of Dutch buyers of the tool have been identified and may face prosecution, emphasizing that purchasing or knowingly using software designed for fraud can itself constitute a criminal offense.

I made some changes to the Keyword Notifications, which only works for new blog posts.

It is streamlined to use the same notification setup as the threat feeds, but applies to blog posts to not interfere.

Be sure to setup browser notifications for the threat feeds separately.

https://darkwebinformer.com/keyword-notifications/

I simplified the UI for the GitHub advisories. The additional details... CWE, references, timestamps, etc are now available in the detail modal. It's not complete but it's getting there.

Augustus: A Go-based LLM vulnerability scanner. It tests large language models against a wide range of adversarial attacks, integrates with 28 LLM providers, & produces actionable vulnerability reports.

GitHub: https://github.com/praetorian-inc/augustus

Released: Feb 6th, 2026

‼️ WordPress admin, shell, and database access to an international e-commerce store is being auctioned.

The site has a $601.91 average order value, with 412 orders in January (351 card, 42 crypto) and 139 in February (109 card, 23 crypto).

A payment card redirect tap is in place with 100% unique orders. The auction starts at $1,000 with a blitz price of $2,500.