Cisco Zero-Day and the $35 Million L3Harris Insider Leak [Prime Cyber Insights]

This episode of Prime Cyber Insights investigates a critical security failure in Cisco's SD-WAN infrastructure, where a maximum-severity zero-day (CVE-2026-20127) has been exploited since 2023 to manipulate network fabrics. We also detail the sentencing of former L3Harris executive Peter Williams, who was handed 87 months for selling proprietary hacking tools to Russian brokers for $1.3 million. The discussion expands to the massive Conduent data breach, which has grown from 10 million to over 25 million affected individuals, impacting state Medicaid and SNAP programs across the U.S. Guest Chad Thompson joins to provide a systems-level perspective on how these incidents redefine enterprise risk and the evolving threat of social engineering, specifically highlighting new recruitment tactics by the Scattered Lapsus$ Hunters group targeting IT helpdesks.

[00:00] Announcer: From Neural Newscast, this is Prime Cyber Insights, Intelligence for Defenders, Leaders, and Decision Makers.
[00:06] Aaron Cole: Welcome to Prime Cyber Insights for February 26, 2026. I'm Aaron Cole, and we are tracking
[00:13] Aaron Cole: several massive stories that are shaking the foundations of enterprise and national security today.
[00:20] Aaron Cole: And I'm Lauren Mitchell.
[00:21] Chad Thompson: We're starting with a maximum-severity Cisco zero-day that's been active for years, plus a major sentencing in a high-profile defense contractor leak.
[00:31] Chad Thompson: Joining us today is Chad Thompson, a director-level AI and security leader with a systems-level perspective on automation, enterprise risk, and operational resilience.
[00:42] Chad Thompson: Chad, great to have you.
[00:43] Lauren Mitchell: Great to be here, Lauren.
[00:48] Lauren Mitchell: We're seeing a real collision between infrastructure vulnerabilities and sophisticated human-driven threats right now.
[00:55] Aaron Cole: Let's dive right into that Cisco news, Lauren.
[00:57] Aaron Cole: This is CVE-2026-20127, a perfect 10 out of 10 on the severity scale.
[01:05] Aaron Cole: CISA just added it to the Known Exploited Vulnerabilities Catalog.
[01:09] Chad Thompson: Exactly, Aaron. This flaw in the Cisco Catalyst SD-WAN has been exploited since at least 2023
[01:18] Chad Thompson: by a group tracked as UAT-8616. They've been using it to add rogue peers and manipulate
[01:26] Chad Thompson: the network fabric itself. Chad, from a risk perspective, what's most concerning about a
[01:33] Chad Thompson: two-year-old zero-day finally surfacing? The persistence is the issue.
[01:39] Lauren Mitchell: by downgrading firmware and then covering their tracks.
[01:44] Lauren Mitchell: These actors have had root access for years.
[01:48] Lauren Mitchell: It shows that even in highly automated SD-WAN environments,
[01:54] Lauren Mitchell: the visibility into the how and when of configuration changes is still
[01:59] Lauren Mitchell: you know, a massive operational blind spot for most enterprises.
[02:04] Aaron Cole: That's notable, Lauren.
[02:06] Aaron Cole: And we're seeing that insider knowledge theme play out in a big way with Peter Williams.
[02:11] Aaron Cole: The former L3Harris executive was just sentenced to 87 months for selling zero-day exploits to the Russian broker Operation Zero for over a million dollars.
[02:22] Chad Thompson: It's a staggering breach of trust, Aaron. Williams allegedly stole tools worth $35 million to Trenchant.
[02:31] Chad Thompson: Chad, you focus on systems-level resilience.
[02:35] Chad Thompson: How does an organization even begin to defend against a general manager with full network access who is actively framing other employees?
[02:45] Lauren Mitchell: It's the hardest problem in security.
[02:48] Lauren Mitchell: I mean, you can't just rely on access controls when the person in charge of them is the adversary.
[02:55] Lauren Mitchell: It requires decoupled audit logs and behavioral analytics that don't live on the same network that the executive manages.
[03:04] Lauren Mitchell: This case is a wake-up call for the defense industrial base regarding intellectual property protection.
[03:12] Aaron Cole: Speaking of scale, the Conduent breach just exploded from 10 million to 25 million affected individuals.
[03:20] Aaron Cole: We're talking about Texas and Oregon state benefits, Social Security numbers, and 8 terabytes of data exfiltrated by the SafePay ransomware gang.
[03:31] Chad Thompson: Absolutely, Aaron. It's a classic third-party blind spot.
[03:34] Chad Thompson: People don't even know who Conduent is, but they process the Medicaid and SNAP benefits those people rely on.
[03:41] Chad Thompson: Combined with the news that groups like Scattered Lapsus$ Hunters are now recruiting female voices on Telegram to social engineer help desks,
[03:50] Chad Thompson: the human element of security is under massive pressure.
[03:53] Lauren Mitchell: That's right. Whether it's the Conduent scale or the help desk ruses, the goal is always the same.
[04:01] Lauren Mitchell: Leverage the weakest point in the chain,
[04:04] Lauren Mitchell: often the third-party processor or the service agent,
[04:08] Lauren Mitchell: to gain high-level credentials.
[04:11] Lauren Mitchell: Verification must move beyond voice-only calls immediately.
[04:15] Aaron Cole: Urgency is the word of the day.
[04:18] Aaron Cole: Chad, thanks for joining us to break this down.
[04:20] Aaron Cole: For Prime Cyber Insights, I'm Aaron Cole.
[04:23] Chad Thompson: And I'm Lauren Mitchell.
[04:25] Chad Thompson: Stay resilient and we'll see you next time.
[04:28] Chad Thompson: You can find more resources at pci.neuronnewscast.com.
[04:33] Chad Thompson: Neural Newscast is AI-assisted, human-reviewed.
[04:38] Chad Thompson: View our AI transparency policy at neuralnewscast.com.
[04:42] Announcer: This has been Prime Cyber Insights on Neural Newscast.
[04:46] Announcer: Intelligence for defenders, leaders, and decision makers.
[04:49] Announcer: Neural Newscast uses artificial intelligence in content creation
[04:53] Announcer: with human editorial review prior to publication.
[04:56] Announcer: While we strive for factual, unbiased reporting, AI-assisted content may occasionally contain
[05:02] Announcer: errors. Verify critical information with trusted sources. Learn more at neuralnewscast.com.
