Latest Internet & Cybersecurity News
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20127 Actively Exploited
Threat actor UAT-8616 has exploited CVE-2026-20127, an authentication bypass in Cisco SD-WAN Controller, since 2023, enabling root access and persistence. CISA issued Emergency Directive 26-03 on February 26, 2026, mandating federal agencies to patch by February 27 and assess for compromise.
Global agencies urge immediate patching due to risks to network integrity.
Conduent Third-Party Breach Impacts 25 Million Americans
The Conduent breach, claimed by SafePay ransomware, escalated from 10 million to 25 million affected, including SSNs, medical data from Medicaid and insurers. Attackers exfiltrated 8TB over three months, hitting state benefits and corporate clients like Volvo.
This ranks among largest US healthcare breaches, enabling long-term identity theft.
Adidas Investigates Third-Party Data Breach
Adidas is probing a breach at an independent licensing partner, where attackers claimed access to 800,000 rows of names, emails, and details. Adidas reports no impact to its own systems or consumer data.
Incident underscores risks from supply chain partners.
Substack Confirms User Data Breach
Substack disclosed unauthorized access exposing user email addresses and phone numbers, raising phishing risks for its high-profile users. Passwords were not compromised, but contact data increases impersonation threats.
Highlights need for minimal data storage and strong access controls.
Winter Olympics 2026 Bolsters Cyber Defenses
Milan-Cortina Olympics organizers deployed AI monitoring, stress-testing, and simulations against cyber threats targeting large events. Focus was on service availability amid warnings of disruptions for visibility and damage.
Reinforces trends of opportunistic attacks on global sporting events.
CISA Orders Federal Patch for Cisco Vulnerabilities Amid Exploitation
CISA's ED 26-03 requires FCEB agencies to inventory Cisco SD-WAN systems, patch CVE-2026-20127 and CVE-2022-20775, despite DHS shutdown strains. Acting director urges immediate action based on forensic analysis showing easy exploitation.
Report due by May 1, 2026, on implementation.
Global Agencies Urge Cisco SD-WAN Patching
UK, US, Canada, Australia, New Zealand agencies demand patches for CVE-2026-20127 exploited since 2023 in SD-WAN Manager/Controller. Cisco released fixes; federal deadline is 5pm ET February 27, 2026.
Targets control plane for broad network influence.
Supply Chain Attacks Top Global Cyber Threats in 2026
New report identifies supply chain attacks as leading threat, with internet and financial services facing over 80% of phishing. February incidents like Adidas and Conduent exemplify opaque third-party risks.
Organizations urged to reduce exposed digital footprints.
2026 Cybercrime Trends: AI Agents and Data Exfiltration Rise
Cybercriminals shift to data theft over encryption, use AI agents for 90% of nation-state intrusions, and innovate amid ransomware competition. Social engineering remains top initial access vector.
AI transforms malware and full attack lifecycles.
Ransomware Payments Drop 8% to $820M in 2025 Despite More Attacks
Chainalysis reports 2025 on-chain ransomware fell to $820 million amid 50% rise in claimed attacks, due to sanctions and proxy disruptions like IPIDEA takedown. Private sector actions hit infrastructure for ransomware and espionage.
Trends persist into 2026.
NCSC Seeks Input on External Attack Surface Management
UK's NCSC requests industry feedback for EASM research amid concerns over unknown internet-facing assets. Proactive digital footprint reduction key to cyber resilience.
Public sector breaches highlight employee data as entry points.
SMBs Face High Cyber Risks Despite Precautions
Proton's 2026 report: Nearly 1 in 4 SMBs hit by attacks in past year, revealing gaps in cyber risk management. Trends emphasize persistent threats to smaller entities.