Cybersecurity Headlines — February 26, 2026
Host: Sarah Lane — Presented by CISO Series
Episode Overview
This episode delivers concise daily updates on major cybersecurity events and industry trends. On February 26, 2026, the key focus areas include Google’s disruption of a major Chinese-linked threat group, a massive healthcare data breach, a critical Cisco vulnerability being exploited for over a year, growing attacks on developers, and significant security lawsuits and settlements. Additional updates touch on Discord’s revised age verification policy and vulnerabilities in AI coding tools.
Key Discussion Points & Insights
1. Google Disrupts Chinese-Linked Hacking Group UNC2814
- [00:17] Google announced it disrupted UNC2814 (aka Gallium), a Chinese-affiliated threat group active for almost a decade.
- Targeted: At least 53 organizations across 42 countries, focusing on governments and telecom firms.
- Tactics: Used Google Sheets to conceal malicious traffic within normal network activity.
- Action Taken: Google and partners disabled the group's Cloud projects, infrastructure, and accounts.
- Assurance: “No Google products were compromised.” (Sarah Lane, 00:42)
- The Chinese embassy denied involvement.
- Google states this is “separate from other China linked campaigns such as Salt Typhoon.” (00:54)
2. TriZetto (Cognizant) Breach Exposes 3M+ Individuals
- [01:00] TriZetto Provider Solutions disclosed a 2024 breach much larger than previously revealed:
- Impacted: 3,433,965 people’s sensitive information (SSNs, addresses, insurance details).
- Timeline: Attacker accessed historical insurance reports via a web portal from November 2024.
- Response: Law enforcement notified, Mandiant engaged for investigation, one year of credit monitoring offered.
- Subsidiary of Cognizant.
3. Cisco SD-WAN Zero-Day Exploited Since 2023
- [01:37] Cisco disclosed a ten-out-of-ten severity flaw in Catalyst SD-WAN software.
- Issue: Authentication bypass lets attackers achieve high-privilege access, add rogue devices, and escalate to root by chaining with another known flaw.
- Timeline: Exploited since 2023.
- Action: CISA mandates all federal agencies patch by February 27, 2026; Cisco urges immediate investigation and patching.
- “Evidence they escalated to root by chaining a known flaw.” (Sarah Lane, 01:46)
4. Discord Delays Global Age Verification Policy
- [02:17] Discord postpones its new age verification policy to later in 2026, following user pushback.
- Upcoming Changes: Will support more verification methods beyond IDs/selfies (e.g., credit cards).
- User Impact: Most users won’t need to submit IDs.
- Quote: “Discord said most users won't need to submit IDs, apologized for poor communication and emphasized the update is to comply with growing global regulations...” (Sarah Lane, 02:32)
- Regions Impacted: Australia, UK, Europe, Brazil, select US states.
5. Security Vulnerabilities in AI Coding Tool Claude
- [03:35] Check Point researchers revealed multiple vulnerabilities in Anthropic’s Claude Code.
- Risks: Remote code execution, API key theft via malicious repositories.
- Simply opening a malicious repo can compromise the developer’s AI environment.
- “Exploits involve project config files and untrusted repositories, letting attackers run arbitrary commands...” (Sarah Lane, 03:49).
6. Next.js Repo Attacks Targeting Developers
- [04:04] North Korean actors target developers with malicious Next.js repositories disguised as job assignments.
- Opening such a repo can enable remote code execution and set up backdoors.
- Goal: Steal high-value company assets, poison software supply chain.
- Defensive Advice: Enforce IDE trust policies, monitor Node.js, restrict developer endpoint connections.
- “Microsoft warns the campaign exploits developer workflows, including automated Visual Studio Code tasks...” (Sarah Lane, 04:17).
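One way to act on the "enforce IDE trust policies" advice before opening an unfamiliar repository, as an added example that is not from the episode or from Microsoft: it lists Visual Studio Code tasks configured to start when the folder is opened. It assumes the "automated tasks" mentioned above are `.vscode/tasks.json` entries with `runOptions.runOn` set to `folderOpen`; the sample file and the `demo` helper are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

_STRING = r'"(?:\\.|[^"\\])*"'
def _drop(text, junk):
    # Delete matches of `junk`, leaving JSON string literals untouched.
    return re.sub(f"{_STRING}|{junk}",
                  lambda m: m.group(0) if m.group(0)[0] == '"' else "", text, flags=re.S)

def strip_jsonc(text):
    """tasks.json is JSON with comments: drop comments, then trailing commas."""
    return _drop(_drop(text, r"//[^\n]*|/\*.*?\*/"), r",(?=\s*[}\]])")

def auto_run_tasks(repo):
    """Return (label, command line) for each task that runs when the folder is opened."""
    tasks_file = Path(repo) / ".vscode" / "tasks.json"
    if not tasks_file.is_file():
        return []
    try:
        doc = json.loads(strip_jsonc(tasks_file.read_text(encoding="utf-8")))
    except json.JSONDecodeError:
        return [("<unparseable tasks.json>", "review by hand")]
    hits = []
    for task in doc.get("tasks", []) if isinstance(doc, dict) else []:
        if isinstance(task, dict) and (task.get("runOptions") or {}).get("runOn") == "folderOpen":
            parts = [task.get("command", "")] + list(task.get("args", []))
            hits.append((task.get("label", "<unlabelled>"), " ".join(map(str, parts)).strip()))
    return hits

# Constructed sample, not taken from any real campaign.
SAMPLE = '''{
  // build helpers
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell", "command": "npm", "args": ["run", "build"]},
    {"label": "prepare", "type": "shell", "command": "node", "args": ["scripts/setup.js"],
     "runOptions": {"runOn": "folderOpen"},},
  ]
}'''

def demo():
    with tempfile.TemporaryDirectory() as repo:
        (Path(repo) / ".vscode").mkdir()
        (Path(repo) / ".vscode" / "tasks.json").write_text(SAMPLE, encoding="utf-8")
        return auto_run_tasks(repo)

if __name__ == "__main__":
    print(demo())
```

Run `auto_run_tasks` on a fresh clone before the first open; any hit is a command the editor would start without a build being requested, so review it while the folder is still untrusted.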
7. Marquee Sues SonicWall Over Catastrophic Backup Breach
- [04:52] Marquee Software sues SonicWall following an August 2025 ransomware attack that compromised 74 US banks.
- Entry Point: Vulnerability in SonicWall’s MySonicWall Cloud Backup API (discovered Feb 2025).
- Data Exposed: Encrypted credentials, configs, MFA codes.
- Marquee seeks compensation for lost revenue, reputational damage, legal costs, and class-action defense.
- “Claims damages, reputational harm, lost revenue...” (Sarah Lane, 05:13).
8. $17.25M Settlement in Chicago Student Privacy Lawsuits
- [05:39] PowerSchool and Chicago Public Schools settle after being accused of eavesdropping on student communications via school-mandated tech (Naviance platform).
- Terms: Payment, improved privacy, deletion of third-party data, creation of a privacy governance committee.
- Covers: Usage from August 2021 to January 2026.
- Context: Follows a 2025 hack affecting 62M students and 9.5M teachers.
- “The lawsuit follows prior concerns, including a 2025 hack exposing data for 62 million students...” (Sarah Lane, 06:04).
Notable Quotes & Memorable Moments
- On Google’s Disruption of UNC2814:
  - “No Google products were compromised.” (Sarah Lane, 00:42)
  - “Google said the activity is separate from other China linked campaigns such as Salt Typhoon.” (00:54)
- On User Backlash at Discord:
  - “Discord said most users won't need to submit IDs, apologized for poor communication, and emphasized the update is to comply with growing global regulations...” (Sarah Lane, 02:32)
- On Developer Tool Exploits:
  - “Simply opening a malicious repository could compromise a developer's AI environment.” (Sarah Lane, 03:55)
  - “Microsoft warns the campaign exploits developer workflows, including automated Visual Studio Code tasks, to deliver backdoors.” (Sarah Lane, 04:17)
- On Legal Action Post-Breach:
  - “Claims damages, reputational harm, lost revenue...” (Sarah Lane, 05:13)
- On the Scope of Student Privacy Concerns:
  - “The lawsuit follows prior concerns, including a 2025 hack exposing data for 62 million students...” (Sarah Lane, 06:04)
Important Timestamps
- 00:17 — Google UNC2814 disruption detailed
- 01:00 — TriZetto breach scope and response
- 01:37 — Cisco SD-WAN exploit timeline and severity
- 02:17 — Discord’s global age verification delay
- 03:35 — Anthropic Claude Code vulnerabilities
- 04:04 — Next.js repo attacks targeting developers
- 04:52 — Marquee lawsuit against SonicWall
- 05:39 — Chicago student privacy settlement
Episode Tone & Takeaways
The tone remains fast-paced, direct, and informative, as is customary for the CISO Series. Each headline is delivered with precise, actionable detail. The stories collectively highlight the persistent evolution of cyber threats — from APT actors leveraging cloud services, to the growing threat surface at the intersection of developer tools and AI, to the escalating legal consequences for data breaches impacting consumers, financial institutions, and students.
For more information or in-depth stories, visit: CISOseries.com
