Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On February 25, 2026, Cisco released fixes for a maximum severity authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage), tracked as CVE-2026-20127. The flaw arises from a broken peering authentication mechanism in the control-plane authentication workflow. This vulnerability potentially allows a remote, unauthenticated threat actor to bypass authentication and obtain administrative privileges on an affected system.

LimaCharlie's Agentic SecOps Workspace (ASW) enables true agentic security operations. With us, AI doesn't just advise but actively operates within your security environment. We do this by integrating everything, including AI, on our cloud platform via API. Our approach delivers superior AI security automation capabilities at a fraction of the cost, allowing security teams to scale operations without growing headcount.

FalconID is now generally available, bringing phishing-resistant MFA to the CrowdStrike Falcon platform and advancing CrowdStrike’s leadership in identity security. Adversaries continue to use legitimate identities to infiltrate and navigate organizations while evading defenses. As they adopt AI, the scale and impact of social engineering and credential abuse are growing. AI-enhanced phishing, MFA fatigue, and session hijacking enable threat actors to bypass MFA.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Any plans for the weekend? Might want to do these first though.

CVE-2026-20127 is a critical authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller (vSmart) and Cisco Catalyst SD-WAN Manager (vManage). The flaw stems from improper validation within the control plane and management plane authentication mechanisms, allowing a remote, unauthenticated attacker to submit crafted requests that bypass standard authentication controls. Successful exploitation results in access to the system as a high-privileged internal user account.

The Asia-Pacific region is home to the highest concentration of manufacturing sites on the planet, so it comes as no surprise that manufacturers here absorb more attacks than the rest of the world combined. LevelBlue SpiderLabs compiled the Manufacturing Threat Landscape 2025 report, which noted that 56% of all attacks targeting the manufacturing sector occurred in the APAC region. This is compared to 22% in North America, Europe (16%), and Africa (2%).

In my previous piece, "The Agentic AI Governance Blind Spot," I laid out what I believe is one of the most critical gaps in the AI governance landscape today: the three most cited frameworks in AI governance, NIST AI RMF, ISO 42001, and the EU AI Act, don’t contain a single mention of agentic AI. Not one reference to autonomous agents, multi-agent systems, or AI that takes actions with real-world consequences. The response to that piece confirmed what I suspected.

In this second installment of a series on the transformation of SafeBreach’s development organization, VP of Development Yossi Attas details a structured operational workflow that integrates Jira, BitBucket, and Claude Code to turn AI usage from ad-hoc prompting into a rigorous engineering methodology.

Cyber threat intelligence is often presented as a catalog of named threat actors, past incidents, and attribution labels that promise clarity. For defenders trying to understand risk, this structure feels reassuring. It suggests that threats can be identified, tracked, and anticipated based on observed behaviors. In practice, that confidence is often overstated.

Proprietary data is the definitive differentiator in the age of AI. Models can be replicated, infrastructure can be rented, and tools can be replaced. What cannot be easily reproduced is institutional knowledge, customer insight, and strategic intent found in enterprise data. This data must be continuously identified, deeply understood, and actively protected as it changes state, location, and context.