Cybersecurity Daily: News & Threats
(00:00:00) Cisco SD-WAN Zero-Day Exploited, FBI Breach & Iran Hits Water Utilities
(00:01:00) FBI Breach Exposes Surveillance Targets
(00:01:32) Infrastructure as Active Battleground
(00:02:12) Social Security Database Under Investigation
(00:02:41) Supply Chain Breaches Continue Weekly
(00:03:09) Infostealers Feeding Ransomware Pipeline

A zero-day in Cisco's Catalyst SD-WAN Manager is being actively exploited in the wild — no patch exists, and it's the seventh SD-WAN flaw weaponised this year. CVE-2026-20245 carries a CVSS score of 7.8, enabling root command injection on edge devices. Cisco has confirmed unauthorised configuration changes in the wild, with no vendor fix available. Today's episode opens there and doesn't move on quickly.

From federal networks to critical infrastructure: the FBI has confirmed Chinese-linked actors compromised an unclassified network, exposing active surveillance targets and wiretap numbers from pen register data. The counterintelligence fallout could extend for years. Meanwhile, Iran-linked actors are actively targeting U.S. water utilities, Russia is sustaining its campaign against European power grids, and Iranian hackers wiped tens of thousands of devices at Stryker in March. Three nation-state actors are simultaneously running live operations against civilian infrastructure.

On the domestic data exposure front, DOGE-led access to the Social Security Administration's database remains under investigation. If worst-case assessments hold, this could be the largest government data breach in U.S. history by affected population.

Open source supply chain compromises — hitting Trivy, Bitwarden, and Checkmarx — are now running at a weekly cadence, with stolen developer credentials cascading into downstream platforms including OpenAI and Vercel.

Rounding out today's briefing: infostealers have become the primary entry point for ransomware operations, with stolen session tokens remaining valid even after malware removal. ClickFix and fake CAPTCHAs are the delivery mechanisms of choice.

This episode includes AI-generated content.
56 episodes