Transcript
A (0:00)
From the CISO series. It's Cybersecurity Headlines
B (0:07)
These are the cybersecurity headlines for Thursday, February 26, 2026. I'm Sarah Lane.

Google disrupts UNC 2814
Google says it disrupted a Chinese-linked hacking group known as UNC 2814, also known as Gallium, that breached at least 53 organizations across 42 countries. The group has been active for nearly a decade, mostly targets governments and telecom firms, and used Google Sheets to blend malicious activity into normal network traffic. Google and partners shut down the group's Google Cloud projects, infrastructure and accounts, stressing that no Google products were compromised. China's embassy denied the allegations. Google said the activity is separate from other China-linked campaigns such as Salt Typhoon.

More than 3 million impacted by TriZetto breach
Health insurance technology provider TriZetto Provider Solutions said a 2024 breach exposed data from 3,433,965 people, far more than initially disclosed. The company discovered in October that a hacker had access to historical insurance eligibility reports through a web portal beginning in November of 2024, compromising Social Security numbers, addresses and insurance details. TriZetto, a Cognizant subsidiary, notified law enforcement, hired Mandiant to investigate, and is offering one year of credit monitoring to affected individuals.

Cisco SD-WAN bug exploited since 2023
Cisco disclosed that a critical Cisco Catalyst Software-Defined Wide Area Network authentication bypass has been exploited since 2023 to compromise controllers and add rogue peers. The 10.0 severity bug lets attackers gain high-privileged access and manipulate network configurations, with evidence they escalated to root by chaining a known flaw. CISA ordered federal agencies to patch by February 27th. Cisco released fixes and urges customers to investigate and secure exposed systems.

Discord puts global age verification policy on hold
Discord delayed its global age verification policy to the second half of 2026 after user backlash. The platform will expand verification options beyond ID or selfies, including credit cards, and publish a technical blog explaining its systems. Discord said most users won't need to submit IDs, apologized for poor communication and emphasized the update is to comply with growing global regulations in Australia, the UK, Europe, Brazil and some US states.

Huge thanks to our sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Attackers don't need malware anymore, they need trust. Set a simple passphrase for high-risk actions like a wire request or urgent account recovery, especially within finance teams and families. If the caller can't answer it, pause and verify. Adaptive runs deepfake and vishing simulations so employees practice this before it's real. Learn more at adaptivesecurity.com.

Claude Code flaws abound
Researchers at Check Point disclosed multiple vulnerabilities in Anthropic's Claude Code that could allow remote code execution and API key theft. Exploits involve project configuration files and untrusted repositories, letting attackers run arbitrary commands, exfiltrate API credentials, and potentially access cloud-stored data. Simply opening a malicious repository could compromise a developer's AI environment.

Next.js repos target devs via fake jobs
North Korean-linked hackers are targeting developers with malicious Next.js repositories disguised as job interview projects. Opening these repos can trigger remote code execution, establish persistent command and control channels, and exfiltrate sensitive data. Microsoft warns the campaign exploits developer workflows, including automated Visual Studio Code tasks, to deliver backdoors. It's meant to access high-value assets and poison the software supply chain. Defenses include enforcing IDE trust policies, monitoring Node.js execution, and restricting outbound connections from developer endpoints.

Marquis sues SonicWall over backup breach
Marquis Software Solutions is suing SonicWall for gross negligence after a ransomware attack from August 14 disrupted 74 US banks. Hackers accessed Marquis data by exploiting a February 2025 vulnerability in SonicWall's MySonicWall Cloud Backup API, not an unpatched firewall flaw. The breach exposed encrypted credentials, configurations and MFA codes. Marquis claims damages including reputational harm and lost revenue, and seeks compensation, indemnification and attorneys' fees while defending 36 related class action lawsuits.

PowerSchool, Chicago Public Schools settle student privacy lawsuits
PowerSchool and Chicago Public Schools will pay $17.25 million to settle a class action lawsuit alleging they eavesdropped on student communications via school-mandated technology. The settlement covers users of the Naviance platform from August of 2021 to January of 2026 and requires PowerSchool to improve privacy practices, delete third-party data and create a governance committee. Heap Incorporated was removed from this case but faces separate litigation in New York State. The lawsuit follows prior concerns, including a 2025 hack exposing data for 62 million students and 9.5 million teachers.

We know that phishing is a major threat vector, so why does it seem like phishing tests only make things worse? We dig into the harsh reality of phishing test effectiveness on this week's episode of Defense in Depth. Make sure you're subscribed in your podcast app of choice and look for the episode "Should You Phish Your Employees or Not?" If you have some thoughts on the news from today or about our show in general, be sure to reach out at feedback@cisoseries.com. We would love to hear from you. I am Sarah Lane reporting for the CISO Series. Stay classy out there everybody and we'll talk to you tomorrow.
