Daily Digest

Cisco Zero-Day Under Active Attack, Conduent Breach Swells to 25M, and AI Fuels Ransomware Surge

February 26, 2026

8 articles (6 new, 2 updated)

24 min read

Summary

This edition for February 26, 2026, covers a critical, actively exploited Cisco SD-WAN zero-day vulnerability (CVE-2026-20127) prompting a CISA emergency directive. The fallout from the Conduent data breach has escalated, now impacting over 25 million Americans. In legal news, Marquis Software is suing SonicWall over a supply chain attack that led to a ransomware incident. Meanwhile, reports from IBM X-Force highlight a surge in ransomware groups fueled by AI, and researchers expose systemic weaknesses in the global threat intelligence sharing ecosystem.

Filter by Category

New Articles (6)

Marquis Sues SonicWall, Alleging Vendor's Breach Led to Ransomware Attack on 74 Banks

HIGH

Fintech Firm Marquis Sues SonicWall, Blaming Vendor for 2025 Ransomware Attack

In a significant legal development for supply chain liability, financial services provider Marquis Software Solutions has filed a lawsuit against cybersecurity vendor SonicWall. Marquis alleges that a 2025 breach of SonicWall's MySonicWall cloud backup service exposed its firewall configuration data and unencrypted MFA scratch codes. This data, Marquis claims, was then used by threat actors to bypass its defenses and launch a devastating ransomware attack in August 2025 that disrupted services for 74 U.S. banks. The lawsuit accuses SonicWall of gross negligence.

February 26, 2026

6 min read

Supply Chain AttackSonicWallRansomwareLawsuitMFA +1 more

Supply Chain Attack

Ransomware

Policy and Compliance

US Treasury's OCC Remediates Critical BankNet Portal Vulnerability After Researcher Disclosure

MEDIUM

US Treasury's OCC Remediates BankNet Portal Vulnerability

The Office of the Comptroller of the Currency (OCC), a bureau within the U.S. Department of the Treasury, announced it has successfully remediated a cybersecurity vulnerability in its critical BankNet portal. The flaw was reported by a security researcher on February 25, 2026, under the agency's vulnerability disclosure policy. The OCC temporarily suspended access to the portal to conduct a forensic investigation, which found no evidence of data exfiltration or unauthorized access beyond that of the reporting researcher.

February 26, 2026

4 min read

OCCVulnerabilityResponsible DisclosureVDPBankNet +1 more

Vulnerability

Incident Response

Regulatory

Threat Intelligence Supply Chain is Broken, Georgia Tech Researchers Warn

INFORMATIONAL

Georgia Tech Researchers Expose Weak Links in Threat Intelligence Ecosystem

Researchers from Georgia Tech have revealed significant weaknesses in the global threat intelligence sharing ecosystem. Their study, presented on February 25, 2026, found that crucial information sharing between security vendors, antivirus companies, and sandbox services is slow and incomplete. The research showed that while most vendors analyze new malware, only 17% share the resulting intelligence. This creates dangerous delays and blind spots that can be exploited by adversaries and are exacerbated by geopolitical tensions, threatening to fracture the entire security community's defensive capabilities.

February 26, 2026

5 min read

Threat IntelligenceSupply ChainGeorgia TechSecurity ResearchInformation Sharing

Threat Intelligence

Security Operations

Other

IBM X-Force: AI and RaaS Fuel 49% Surge in Ransomware Groups

INFORMATIONAL

IBM X-Force Index: AI Lowers Barrier for Ransomware Attacks

The 2026 IBM X-Force Threat Intelligence Index, released on February 26, 2026, paints a concerning picture of the evolving threat landscape. The report reveals a 49% increase in ransomware groups compared to the previous year, a surge driven by the proliferation of AI and Ransomware-as-a-Service (RaaS) models that are lowering the barrier to entry for less skilled attackers. The report also highlights a significant rise in vulnerability exploitation, with 56% of tracked flaws requiring no authentication to exploit, and a nearly fourfold increase in supply chain attacks over the past five years.

February 26, 2026

5 min read

IBM X-ForceThreat IntelligenceRansomwareAIRaaS +1 more

Threat Intelligence

Ransomware

Malware

Google Security Operations Unifies Access Control with Native IAM Integration

INFORMATIONAL

Google Security Operations Enhances Access Control with IAM Integration

Google has enhanced its Security Operations platform by migrating its permission model to Google Cloud's native Identity and Access Management (IAM) framework. The update, announced on February 25, 2026, allows administrators to manage Role-Based Access Control (RBAC) for both the SIEM and SOAR components from a single, unified interface. This change enables more granular, consistent, and streamlined management of user permissions and automatically scopes data visibility in dashboards based on a user's assigned access labels.

February 26, 2026

4 min read

GoogleSecOpsIAMRBACCloud Security +2 more

Security Operations

Cloud Security

Patch Management

Critical Unauthenticated RCE Flaw (CVE-2026-33017) in Langflow AI Platform Actively Exploited

CRITICAL

Critical Unauthenticated RCE Vulnerability Reported in Langflow AI Platform

A critical unauthenticated remote code execution (RCE) vulnerability, CVE-2026-33017, has been disclosed in the popular open-source AI framework, Langflow. The flaw allows an attacker to execute arbitrary Python code on a vulnerable server with a single HTTP request by sending a malicious flow definition to a public-facing API endpoint. The vulnerability, which exists in the way the server processes code with an `exec()` function, was reportedly weaponized and exploited by attackers within 20 hours of its public disclosure, highlighting the significant risk posed by insecure AI infrastructure.

February 26, 2026

6 min read

CVE-2026-33017LangflowRCEAIOpen Source +1 more

Critical Unauthenticated RCE Flaw (CVE-2026-33017) in Langflow AI Platform Actively Exploited

Vulnerability

Cyberattack

Malware

Updated Articles (2)

Conduent Data Breach May Be Largest in U.S. History; Texas AG Investigates

CRITICAL

Conduent Data Breach Escalates, Affecting Over 25 Million and Prompting Texas AG Investigation

Update:

New information confirms the Conduent data breach affected over 25 million individuals across the U.S., including 10.5 million in Oregon, in addition to the previously reported 15.4 million in Texas. The attack's dwell time has been precisely identified as October 21, 2024, to January 13, 2025. The incident also highlights scrutiny on clients like Blue Cross Blue Shield of Texas. This update provides more concrete details on the scope and timeline of the Safepay ransomware attack.

February 25, 2026

Updated: February 26, 2026

6 min read

ConduentData BreachSupply Chain AttackRansomwareSafepay +3 more

Data Breach

Supply Chain Attack

Ransomware

CISA Orders Patching for Two Actively Exploited Cisco SD-WAN Flaws

CRITICAL

CISA Adds Two Actively Exploited Cisco SD-WAN Vulnerabilities to KEV Catalog

Update:

Cisco has confirmed CVE-2026-20127 has a critical CVSS score of 10.0. Threat actors are actively chaining this authentication bypass vulnerability with CVE-2022-20775 (privilege escalation) to achieve root access and persistence on affected Cisco Catalyst SD-WAN Manager and Controller products. CISA has issued Emergency Directive 26-03, mandating federal agencies to take immediate action. Evidence suggests this vulnerability may have been exploited as a zero-day since 2023. New IOCs, such as specific log patterns in `/var/log/auth.log` for `vmanage-admin` authentication, and enhanced detection guidance have been provided.

February 25, 2026

Updated: February 26, 2026

4 min read

CISAKEVCiscoSD-WANVulnerability +3 more

CISA Orders Patching for Two Actively Exploited Cisco SD-WAN Flaws

Vulnerability

Patch Management

Threat Intelligence

📢 Share This Publication

Help others stay informed about cybersecurity threats