Cybersecurity Headlines – Episode Summary (Feb 27, 2026)
Podcast: Cybersecurity Headlines
Host: Steve Prentiss, CISO Series
Date: February 27, 2026
Episode Focus: Fast-paced rundown of major cybersecurity stories from enterprise, public sector, and threat research landscapes.
Episode Overview
This episode presents a roundup of significant cybersecurity developments, including NATO’s adoption of Apple devices for classified work, a novel backdoor campaign targeting US education and healthcare, critical flaws in Trend Micro’s Apex One, record-breaking ransomware activity paired with declining payments, advances in automated UK public sector security, warning signs for secure AI-driven development, and a blockchain-resilient botnet. Steve Prentiss maintains a brisk, fact-driven delivery throughout.
Key Stories & Discussion Points
1. NATO Approves Apple iPhones and iPads for Restricted Work
- [00:08–01:05]
- Apple announces its iPhones and iPads are the first consumer devices approved for NATO Restricted-classified work.
- Devices included in the NATO Information Assurance Products Catalog.
- Notably, no special software or additional configuration is required; the native email, calendar, and contacts apps are considered secure for classified work.
“This means that iPhones and iPads can be used with classified information without requiring special software or settings.”
— Steve Prentiss, [00:18]
2. Education and Healthcare Targeted by 'Door' Backdoor
- [01:05–02:04]
- Cisco Talos discovers a yet-unknown group (“UAT 10027”) targeting US education and healthcare with a new backdoor called “door.”
- The malware relies on DNS over HTTPS (DoH) for command and control, hiding servers behind Cloudflare infrastructure.
- Initial access likely comes through social engineering or phishing, leading to a PowerShell-based infection chain.
- Tactics resemble North Korean Lazarus and Kimsuky group operations.
“The group’s goal is to deliver a new backdoor codenamed door, which uses DNS over HTTPS, hence the DoH in its name, for command and control communications.”
— Steve Prentiss, [01:16]
3. Trend Micro Apex One – Critical Code Execution Flaws Patched
- [02:04–02:56]
- Trend Micro patches two critical vulnerabilities (with CVEs) in Apex One endpoint security platform.
- Both allowed remote code execution, but exploitation requires access to the management console.
- Customers whose management consoles are exposed externally are urged to restrict access by source.
“Successful exploitation requires attackers to have access to the Trend Micro Apex One management console…customers whose console’s IP address is exposed externally should consider mitigating factors…”
— Steve Prentiss, [02:51]
4. Mano Mano (European E-commerce) Data Breach
- [02:56–03:42]
- French online marketplace Mano Mano hit in breach affecting 38 million people (France, Belgium, Spain, Italy, Germany, UK).
- Data taken: “basic PII,” no financial information compromised.
- Root cause: a third-party vendor in Tunisia whose Zendesk instance was breached.
5. 2025 Ransomware Landscape: More Attacks, Fewer Payments
- [04:22–05:17]
- Chainalysis reports attacks rose 50%, but payment rate dropped to 28%—an all-time low.
- Estimated $820M paid out in 2025, may climb to $900M as data matures.
- Improved incident response and regulatory pressure cited as main reasons for payout decline.
“Companies are getting better at incident response and…regulatory scrutiny has increased to the point where payouts are now heavily discouraged.”
— Steve Prentiss, [05:08]
6. UK’s Automated Scanning Cuts Vulnerability Response Times
- [05:17–06:05]
- UK government’s “Vulnerability Monitoring Service” is rapidly fixing critical public sector flaws—400 per month across 6,000 organizations.
- Platform continuously scans internet-facing government systems.
“A central scanning platform that continuously checks Internet facing systems…for signs of known security weaknesses.”
— Steve Prentiss, [05:26]
7. AI-Driven Development: Security Gaps Widening
- [06:05–06:51]
- Veracode’s latest report: the influx of AI-generated code and faster release cycles mean more vulnerabilities are being created than fixed.
- Elevated numbers partly reflect better use of detection tools.
- Remediation is tougher as new code is added more rapidly.
“High velocity development with AI is making comprehensive security unattainable.”
— Steve Prentiss, [06:22]
8. Aeternum C2: Blockchain-Resilient Botnet
- [06:51–07:31]
- Curator Labs exposes Aeternum C2 botnet loader, which uses the Polygon blockchain for encrypted command and control.
- Keeping C2 instructions on a public blockchain makes the infrastructure resilient to takedown efforts.
- First spotted December 2025, offered on underground forums.
“Uses a blockchain-based command and control infrastructure to make it resilient to takedown efforts.”
— Steve Prentiss, [07:10]
Notable Quotes & Memorable Moments
- On regulatory impact on ransomware payments:
“Regulatory scrutiny has increased to the point where payouts are now heavily discouraged.”
— Steve Prentiss, [05:10]
- On the AI-driven security paradox:
“More vulnerabilities are being created than are being fixed and that high velocity development with AI is making comprehensive security unattainable.”
— Steve Prentiss, [06:22]
Timestamps for Key Segments
- [00:08] – NATO approves Apple devices
- [01:05] – 'Door' backdoor campaign against US sectors
- [02:04] – Trend Micro Apex One flaws
- [02:56] – Mano Mano data breach
- [04:22] – Ransomware payment/report
- [05:17] – UK automated vulnerability scanning
- [06:05] – AI and secure software development
- [06:51] – Aeternum C2 Blockchain botnet
Takeaway
The episode underscores the continuously evolving threat landscape—where attackers innovate (backdoors, blockchain botnets), regulatory and organizational responses shift (ransomware payouts fall), and technological progress (AI-accelerated development, automated vulnerability scanning) offers both hope and new risks.
