Top stories.
- Five Eyes agencies warn of maximum-severity Cisco vulnerability.
- Hacker reportedly used Claude and ChatGPT to hack the Mexican government.
- Moscow man accused of posing as an FSB officer to extort the Conti ransomware gang.
Five Eyes agencies warn of maximum-severity Cisco vulnerability.
Intelligence agencies from the Five Eyes alliance have warned of active exploitation of two vulnerabilities affecting Cisco SD-WAN systems. CVE-2026-20127, which has a CVSS score of 10.0, is an authentication bypass flaw that can "allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system." The attackers are also exploiting CVE-2022-20775, a high-severity privilege escalation flaw that allows authenticated attackers to execute arbitrary commands as root.
Researchers at Cisco Talos say a sophisticated threat actor has been exploiting CVE-2026-20127 since at least 2023. According to a Hunt Guide published by the Australian Signals Directorate and its Five Eyes partners, the attacker gained initial access via CVE-2026-20127, then downgraded the system to a version vulnerable to CVE-2022-20775 to obtain root privileges.
The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered US federal agencies to address CVE-2026-20127 by tomorrow, February 27th. Cisco Talos offers guidance to help customers remediate the flaw and determine whether a system has been compromised.
Hacker reportedly used Claude and ChatGPT to hack the Mexican government.
A hacker used Anthropic's Claude AI to breach several Mexican government agencies, exfiltrating 150 gigabytes of data containing taxpayer information, voter records, government employee credentials, and civil registry files, Bloomberg reports. Researchers at Gambit Security said the hacker breached Mexico City's civil registry and Monterrey's water utility, as well as the state governments of the State of Mexico, Jalisco, Michoacán, and Tamaulipas. Several of the Mexican agencies denied being breached, while others declined to comment.
According to Gambit, the attacker bypassed Claude's guardrails by telling the AI tool that it was conducting a penetration test for a bug bounty. Claude refused to follow overtly suspicious instructions, but the attacker eventually got past this by providing the AI with a detailed playbook on what to do. The threat actor also used OpenAI's ChatGPT for additional insights. Curtis Simpson, Gambit Security's Chief Strategy Officer, told Bloomberg, "In total, it produced thousands of detailed reports that included ready-to-execute plans, telling the human operator exactly which internal targets to attack next and what credentials to use."
OpenAI banned the hacker's accounts after Gambit notified them of the abuse. Anthropic also said it investigated the activity, banned the user's accounts, and updated its safeguards. Gambit says the attacker likely wasn't state-sponsored.
Moscow man accused of posing as an FSB officer to extort the Conti ransomware gang.
Russian authorities have accused a Moscow man of impersonating an FSB officer in an attempt to extort members of the Conti ransomware group, The Record reports. The suspect, Ruslan Satuchin, allegedly contacted Conti claiming to have influence over law enforcement operations targeting the group. Satuchin purportedly demanded a large payment in exchange for not prosecuting the group. Russian authorities often turn a blind eye to Russia-based ransomware gangs as long as they don't attack entities in Russia or former Soviet states.
Satuchin, who denies wrongdoing, is being held in pre-trial detention and faces up to ten years in a Russian prison.