Top stories.
- Five Eyes agencies warn of maximum-severity Cisco vulnerability.
- Greek court sentences four Intellexa associates over spyware scandal.
- Hacker reportedly used Claude and ChatGPT to hack the Mexican government.
- CISA’s acting director steps down.
- SolarWinds patches critical RCE flaws.
Five Eyes agencies warn of maximum-severity Cisco vulnerability.
Intelligence agencies from the Five Eyes alliance have warned of active exploitation of two vulnerabilities affecting Cisco SD-WAN systems. CVE-2026-20127, which has a CVSS score of 10.0, is an authentication bypass flaw that can "allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system." The attackers are also exploiting CVE-2022-20775, a high-severity privilege escalation flaw that allows authenticated attackers to execute arbitrary commands as root.
Researchers at Cisco Talos say a sophisticated threat actor has been exploiting CVE-2026-20127 since at least 2023. According to a Hunt Guide published by the Australian Signals Directorate and its Five Eyes partners, the attacker gained initial access via CVE-2026-20127, then downgraded the system to a version vulnerable to CVE-2022-20775 to obtain root privileges.
The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered US federal agencies to address CVE-2026-20127 by Saturday, February 27th. Cisco Talos offers guidance to help customers remediate the flaw and determine if a system has been compromised.
Greek court sentences four Intellexa associates over spyware scandal.
A Greek court has sentenced the founder of the Intellexa Consortium and three of his associates to eight years in prison, The Record reports. Intellexa is an Athens-based Israeli company that develops the Predator spyware. The company's founder, former Israeli soldier Tal Dilian, currently lives in Cyprus and was sentenced in absentia.
The four men were implicated in 2022's "Greek Watergate," a surveillance scandal that involved the illegal use of the Predator spyware by Greek intelligence services to spy on more than 90 members of civil society, including government ministers, senior military officials, and journalists. The head of Greece's EYP intelligence service stepped down following the scandal, as did one of the prime minister's aides. In July 2024, Greece's Supreme Court cleared the intelligence services and political officials of wrongdoing, angering victims and opposition parties, POLITICO reports.
Hacker reportedly used Claude and ChatGPT to hack the Mexican government.
A hacker used Anthropic's Claude AI to breach several Mexican government agencies, exfiltrating 150 gigabytes of data containing taxpayer information, voter records, government employee credentials, and civil registry files, Bloomberg reports. Researchers at Gambit Security said the hacker breached Mexico City’s civil registry and Monterrey’s water utility, as well as state governments in Mexico, Jalisco, Michoacán, and Tamaulipas. Several of the Mexican agencies denied being breached, while others declined to comment.
According to Gambit, the attacker bypassed Claude's guardrails by telling the AI tool that it was conducting a penetration test for a bug bounty. Claude refused to follow overtly suspicious instructions, but the attacker eventually got past this by providing the AI with a detailed playbook on what to do. The threat actor also used OpenAI's ChatGPT for additional insights. Curtis Simpson, Gambit Security's Chief Strategy Officer, told Bloomberg, "In total, it produced thousands of detailed reports that included ready-to-execute plans, telling the human operator exactly which internal targets to attack next and what credentials to use."
OpenAI banned the hacker's accounts after Gambit notified them of the abuse. Anthropic also said it investigated the activity, banned the user's accounts, and updated its safeguards. Gambit says the attacker likely wasn't state-sponsored.
CISA’s acting director steps down.
Madhu Gottumukkala has stepped down as acting director of the US Cybersecurity and Infrastructure Security Agency (CISA), to be replaced by Nick Andersen, the agency's Executive Director for Cybersecurity, CyberScoop reports. Andersen has previously held IT and cybersecurity roles at the Coast Guard, the Navy, and the Department of Energy. Sean Plankey, President Trump's nominee for full-time CISA director, has been stalled in the confirmation process for months.
CyberScoop reported earlier this week on bipartisan criticisms of CISA over the past year, including scrutiny of Gottumukkala's leadership. A DHS spokesperson told CyberScoop that Gottumukkala "has done a remarkable job in a thankless task of helping reform CISA back to its core statutory mission." Gottumukkala will remain at DHS as director of strategic implementation.
The leadership shift coincides with reports that CISA Chief Information Officer Robert Costello is also departing.
SolarWinds patches critical RCE flaws.
SolarWinds has patched four critical vulnerabilities affecting its Serv-U file transfer software, BleepingComputer reports. The flaws, each of which has a severity score of 9.1, could allow attackers to achieve remote code execution as root. The most serious of the flaws is CVE-2025-40538, a broken access control vulnerability that "gives an attacker the ability to create a system admin user and execute arbitrary code as root via domain admin or group admin privileges."
All four vulnerabilities require attackers to have obtained elevated access, limiting exploitation to scenarios involving stolen credentials or chained privilege escalation. Users are urged to apply the patches promptly.