Daily Digest

Cisco Patches Critical SD-WAN Zero-Day Exploited Since 2023; Google Disrupts Decade-Long Chinese Espionage Campaign

Cisco Patches Critical SD-WAN Zero-Day Exploited Since 2023; Google Disrupts Decade-Long Chinese Espionage Campaign

February 27, 2026
9 articles (7 new, 2 updated)
27 min read

Summary

This cybersecurity brief for February 27, 2026, covers several critical developments. Cisco released an emergency patch for a CVSS 10.0 zero-day vulnerability (CVE-2026-20127) in its Catalyst SD-WAN products, which has been actively exploited since 2023. Google announced the disruption of a decade-long Chinese cyber-espionage campaign by the group UNC2814 that compromised 53 organizations across 42 countries. Other major stories include NATO's approval of Apple devices for handling restricted data, newly disclosed flaws in Anthropic's AI coding assistant, and a new Wi-Fi attack method called 'AirSnitch' that can bypass WPA3 encryption.

Filter by Category

New Articles (7)

NATO Certifies iPhones and iPads for "Restricted" Classified Data Handling

INFORMATIONAL

Apple iPhones and iPads Become First Consumer Devices Certified by NATO for Handling "NATO Restricted" Information

In a landmark decision, NATO has approved Apple's iPhones and iPads running iOS 26 and iPadOS 26 for handling classified data up to the "NATO Restricted" level. This makes them the first consumer mobile devices to achieve this certification without requiring any specialized hardware or software modifications. The approval, which applies to all NATO member nations, followed a rigorous security evaluation by Germany's Federal Office for Information Security (BSI), validating Apple's built-in security architecture.

February 27, 2026
3 min read
NATOAppleiOSiPadOSMobile Security +4 more
NATO Certifies iPhones and iPads for "Restricted" Classified Data Handling

Critical Flaws in Anthropic's Claude AI Tool Allowed Silent System Takeover

HIGH

Check Point Discloses Critical RCE and API Theft Vulnerabilities in Anthropic's Claude Code AI Assistant

Check Point Research has disclosed three significant, now-patched vulnerabilities in Anthropic's AI coding assistant, Claude Code. The flaws could have allowed an attacker to achieve remote code execution (RCE), steal sensitive API keys, and take full control of a developer's environment. The attack was particularly dangerous as it could be triggered simply by having a developer clone and open a malicious code repository, highlighting new supply chain risks in AI-assisted development workflows.

February 27, 2026
4 min read
AI SecurityClaude CodeAnthropicCheck PointRCE +3 more
Critical Flaws in Anthropic's Claude AI Tool Allowed Silent System Takeover

"AirSnitch" Wi-Fi Attack Bypasses WPA3 Encryption to Intercept Traffic

HIGH

New "AirSnitch" Attack Exploits Foundational Wi-Fi Flaws to Bypass Encryption and Conduct MitM Attacks

Researchers have disclosed a novel Wi-Fi attack technique named "AirSnitch" that exploits architectural weaknesses in the Wi-Fi networking stack. The attack allows a threat actor already on the same network to bypass encryption, including on WPA3-protected networks, to intercept traffic, perform man-in-the-middle (MitM) attacks, and steal data. The flaw stems from a failure to cryptographically link identifiers across network layers, enabling an attacker to spoof a victim's identity and divert their traffic. The attack was demonstrated on popular routers from Netgear and Asus.

February 27, 2026
4 min read
AirSnitchWi-FiWPA3Man-in-the-MiddleMitM +2 more
"AirSnitch" Wi-Fi Attack Bypasses WPA3 Encryption to Intercept Traffic

Discord Pauses Global Age Verification Rollout Until Late 2026 Amid Privacy Backlash

INFORMATIONAL

Discord Postpones Controversial Age Verification System After Significant User Backlash Over Privacy Concerns

Discord has delayed the global implementation of its new age verification system until the second half of 2026. The decision follows widespread user criticism regarding privacy and data security, with many fearing mandatory ID uploads. Acknowledging it "missed the mark," Discord clarified that the system will primarily use on-platform signals and that most users won't need manual verification. The company also pledged more transparency, including publishing its list of verification vendors and prioritizing on-device processing to protect user data.

February 27, 2026
3 min read
DiscordPrivacyData SecurityAge VerificationPolicy +1 more
Discord Pauses Global Age Verification Rollout Until Late 2026 Amid Privacy Backlash

RansomHouse Claims Cyberattack on European Outlet Giant Neinver

HIGH

RansomHouse Ransomware Group Lists European Retail Operator Neinver as Victim

The RansomHouse ransomware group has claimed responsibility for a cyberattack against Neinver, a major Spanish-based company that operates retail outlet centers across Europe. On February 27, 2026, the group added Neinver to its dark web leak site, threatening to release sensitive data if the company does not enter negotiations. Details about the attack vector and the scope of the data exfiltrated have not yet been disclosed. The incident highlights the ongoing trend of data extortion attacks against large enterprises.

February 27, 2026
3 min read
RansomHouseRansomwareData ExtortionNeinverRetail +1 more
RansomHouse Claims Cyberattack on European Outlet Giant Neinver

INTERPOL's "Operation Red Card 2.0" Nabs 651 in African Cybercrime Sweep

INFORMATIONAL

INTERPOL-Led "Operation Red Card 2.0" Results in 651 Arrests and $4.3M Recovery in African Online Fraud Crackdown

An eight-week, INTERPOL-led crackdown on transnational online fraud across 16 African nations has concluded with significant results. Dubbed "Operation Red Card 2.0," the initiative led to the arrest of 651 individuals and the recovery of over $4.3 million in illicit funds. The operation targeted prevalent schemes such as high-yield investment scams, mobile money fraud, and fraudulent loan applications, which are estimated to have caused over $45 million in losses.

February 27, 2026
3 min read
INTERPOLLaw EnforcementCybercrimeFraudAfrica +2 more
INTERPOL's "Operation Red Card 2.0" Nabs 651 in African Cybercrime Sweep

Chinese Hackers Used ChatGPT for Influence Operations, OpenAI Confirms

MEDIUM

OpenAI Confirms Chinese-Linked Actors Abused ChatGPT for Cyber Influence and Disinformation Campaigns

OpenAI has confirmed that threat actors linked to China have utilized its ChatGPT large language model to support cyberattack and influence operations. While not used for technical exploit development, the AI was leveraged to generate polished propaganda, craft convincing spear-phishing content, and create operational plans for social media manipulation. The activities included romance scams and fraudulent outreach to U.S. officials. OpenAI has banned the associated accounts and is enhancing its abuse detection mechanisms.

February 27, 2026
4 min read
Generative AIChatGPTOpenAIInfluence OperationsDisinformation +2 more
Chinese Hackers Used ChatGPT for Influence Operations, OpenAI Confirms

Updated Articles (2)

Chinese APT UNC6201 Weaponizes Dell Zero-Day to Deploy GRIMBOLT Backdoor in VMware Environments

CRITICAL

Suspected Chinese Actor UNC6201 Exploits Critical Dell Zero-Day (CVE-2026-22769) in Long-Term Espionage Campaign

Update:

The critical Dell RecoverPoint for Virtual Machines zero-day vulnerability (CVE-2026-22769), actively exploited by UNC6201 since mid-2024, has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. This inclusion underscores the severe risk posed by the flaw and mandates federal agencies to patch immediately. The vulnerability, which allows unauthenticated root access via hard-coded credentials, continues to be used to deploy BRICKSTORM and GRIMBOLT malware. Organizations are strongly urged to apply Dell's patches and implement network segmentation to mitigate the threat.

February 18, 2026
Updated: February 27, 2026
6 min read
Zero-DayAPTCyberespionageDellVMware +3 more
Chinese APT UNC6201 Weaponizes Dell Zero-Day to Deploy GRIMBOLT Backdoor in VMware Environments

Marquis Sues SonicWall, Alleging Vendor's Breach Led to Ransomware Attack on 74 Banks

HIGH

Fintech Firm Marquis Sues SonicWall, Blaming Vendor for 2025 Ransomware Attack

Update:

Further details from the lawsuit against SonicWall reveal the alleged mechanism of the MySonicWall cloud backup service vulnerability. Attackers reportedly exploited a defective API by guessing predictable device serial numbers to download firewall configuration backup files without proper authentication. These backups are said to have contained highly sensitive information, including Multi-Factor Authentication (MFA) scratch codes and other credentials, in unencrypted, plaintext form. This allowed attackers to bypass security controls and deploy ransomware. Additionally, Marquis Software Solutions is now facing 36 separate class-action lawsuits as a direct result of the breach and subsequent ransomware attack.

February 26, 2026
Updated: February 27, 2026
6 min read
Supply Chain AttackSonicWallRansomwareLawsuitMFA +1 more
Marquis Sues SonicWall, Alleging Vendor's Breach Led to Ransomware Attack on 74 Banks

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.