Chrome Emergency Patch, Phishing Services, and Browser-Related Flaws
‘Starkiller’ Phishing Service Proxies Real Login Pages and MFA
- Starkiller is a new phishing-as-a-service (PhaaS) platform that leverages sophisticated reverse proxy technology to intercept login credentials and bypass multi-factor authentication (MFA).
- Operating since early 2026, the service targets high-value corporate accounts across various online services, posing a significant threat to browser-based authentication.
- Phishers can rent access to Starkiller via a Telegram channel, gaining sophisticated tools for credential harvesting and session hijacking.
Source: KrebsOnSecurity | Date: February 21, 2026
ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware
- The ClickFix campaign is actively using compromised websites to distribute MIMICRAT malware, employing complex redirection chains and cloaking techniques to evade detection.
- Attackers register rogue domains that mimic legitimate brands and services, establishing extensive infrastructure to host and deliver malicious content.
- The campaign targets users in specific geographical regions, guiding them through multiple redirects before attempting to download the MIMICRAT payload.
Source: The Hacker News | Date: February 21, 2026
Critical Jenkins Vulnerability Exposes Build Environments to XSS Attacks
- A critical cross-site scripting (XSS) vulnerability in Jenkins (affecting versions 2.441 and earlier, and LTS 2.426.3 and earlier) allows attackers to inject malicious scripts into build environments.
- Successful exploitation can lead to credential theft, session hijacking, or defacement of the Jenkins interface within a user's browser, compromising software development pipelines.
- No CVE ID was explicitly stated for the flaw, which impacts the integrity of development tools often accessed via web browsers.
Source: Cybersecurity News | Date: February 21, 2026
Apache Tomcat Patches SNI and Legacy HTTP/0.9 Protocol Flaws
- Apache Tomcat has released security updates addressing vulnerabilities (CVE-2026-26123, CVE-2026-26124) related to improper handling of Server Name Indication (SNI) and legacy HTTP/0.9 requests.
- These flaws affect various Tomcat versions (11.0.0-M16, 10.1.18, 9.0.86, and 8.5.99) and could allow attackers to bypass security constraints.
- Exploitation involves sending specially crafted HTTP/0.9 requests or manipulating SNI, leading to incomplete authentication checks and unauthorized access to web application resources.
Source: SecurityOnline.info | Date: February 20, 2026
Critical Vulnerabilities in VS Code Extensions Threaten 128 Million Developer Environments
- Critical vulnerabilities, including CVE-2025-65717 in the "Live Server" extension, impact popular Visual Studio Code extensions, putting over 128 million developer environments at risk.
- These flaws allow for arbitrary file read/write operations and remote code execution, threatening developers' machines and project integrity, with some critical issues lacking immediate patches.
- Developers are advised to immediately update all VS Code extensions, exercise caution with unverified extensions, and consider disabling "Live Server" until CVE-2025-65717 is patched.
Source: SecurityOnline.info | Date: February 20, 2026
Emergency Chrome Zero-Day (CVE-2026-2441) Actively Exploited and Patched
- Google has issued an emergency security update for Chrome, patching an actively exploited zero-day vulnerability (CVE-2026-2441), a critical type confusion bug in the V8 JavaScript engine.
- The update also addresses a high-severity heap buffer overflow in PDFium (CVE-2026-2442); both flaws could lead to remote code execution if a user visits a malicious website.
- All users are strongly urged to update Chrome to version 122.0.6261.94/.95 (Windows/macOS) or 122.0.6261.95 (Linux) immediately to mitigate the risk of active exploitation, especially with a PoC publicly disclosed.
Source: SecurityOnline.info | Date: February 20, 2026
Microsoft Teams Information Disclosure Vulnerability (CVE-2026-26119) Patched
- Microsoft has released patches for a critical information disclosure vulnerability, CVE-2026-26119, affecting Microsoft Teams.
- This flaw could allow unauthorized access to sensitive user data and bypass security measures, particularly when users interact with malicious links or files within the Teams client.
- Users are advised to promptly update their Microsoft Teams client to the latest version to prevent potential information exfiltration and compromise of private conversations.
Source: The CyberThrone | Date: February 20, 2026
Cisco Secure Web Appliance Archive File Bypass Vulnerability (CVE-2026-20092)
- Cisco Secure Web Appliance (WSA) is affected by CVE-2026-20092, a vulnerability that allows an unauthenticated, remote attacker to bypass real-time scanning for malicious archive files.
- The flaw stems from the improper handling of specific archive file types, which allows the appliance's malware detection capabilities to be circumvented.
- Successful exploitation enables attackers to deliver malicious content directly to users' browsers, bypassing the WSA's intended security protections and increasing endpoint risk.
Source: Cisco Security Advisory | Date: February 20, 2026
References
- ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA - KrebsOnSecurity
- ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware - The Hacker News
- Critical Jenkins Vulnerability Exposes Build Environments to XSS Attacks - Cybersecurity News
- Bypassing the Bouncer: Apache Tomcat Patches SNI & Legacy Protocol Flaws - SecurityOnline.info
- CVE-2025-65717: Critical Vulnerability in VS Code’s Live Server Extension Puts 72 Million Developers at Risk, No Patch - SecurityOnline.info
- Exploited in the Wild & PoC Disclosed: Emergency Chrome Zero-Day (CVE-2026-2441) Patched - SecurityOnline.info
- Microsoft CVE-2026-26119 Deep Dive - The CyberThrone
- Cisco Secure Web Appliance Real-Time Scanning Archive File Bypass Vulnerability - Cisco Security Advisory
- Google Issues Emergency Chrome Security Update to Address High-Severity PDFium and V8 Flaws - Cybersecurity News
- Microsoft patches critical security flaw in Teams that could leak information - Security.nl