Cisco SD-WAN Bug Actively Exploited, MCP Azure Takeover Demo, CarGurus Data Leak, and Secret Service Scam Recovery

Host Jim Love covers four cybersecurity stories: CSA warns a critical Cisco Catalyst SD-WAN controller vulnerability (CVE-2026-20127) has been exploited since 2023, enabling authentication bypass and rogue peering sessions, and orders U.S. federal agencies to inventory systems, collect logs and forensic artifacts, hunt for compromise, and apply Cisco's fixes by 5:00 PM ET on February 27, 2026, with no workarounds. At RSA, researchers show how flaws in Model Context Protocol (MCP)—a key integration layer for agentic AI—could lead to remote code execution and even Azure tenant takeover, highlighting rising enterprise risk. ShinyHunters reportedly published 12.4 million stolen CarGurus records, raising phishing and fraud concerns tied to vehicle shopping and financing context. Finally, an Ontario tech support scam victim recovers funds through coordinated work by Ontario Provincial Police and the U.S. Secret Service, which traced and froze the money in time.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst

LINKS
Cisco Advisory
Cisco Security Advisory – CVE-2026-20127
Authentication bypass vulnerability in Cisco Catalyst SD-WAN
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk

CISA Supplemental Hunt and Hardening Guidance (Cisco SD-WAN Systems)
https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems

Threat Hunt Guide (Technical PDF)
Cisco SD-WAN Threat Hunt Guide (jointly referenced in federal guidance)
https://media.defense.gov/2026/Feb/25/2003880299/-1/-1/0/CISCO_SD-WAN_THREAT_HUNT_GUIDE.PDF

00:00 Sponsor Message
00:19 Cisco SD-WAN Under Attack
02:48 MCP Azure Takeover Demo
05:28 CarGurus Data Dump
07:16 Secret Service Scam Recovery
09:24 Closing Sponsor Thanks

Discord Drops Persona Age Verification, SolarWinds Serv-U Critical RCEs, Splunk Windows Priv Esc, and Smart TV Screenshot Surveillance Lawsuits

In this episode of Cybersecurity Today, host Jim Love covers Discord ending its age-verification experiment with Persona after user backlash and researcher findings that Persona's front-end code suggested up to 269 verification checks, including watch list screening and risk scoring, amid already-thin trust following an earlier breach that exposed government ID images. The show also highlights SolarWinds Serv-U 15.5.0.4 patches for four critical (CVSS 9.1) remote code execution vulnerabilities (CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, CVE-2025-40541), noting they require high privileges and that self-hosted Windows/Linux instances must be upgraded, with estimates ranging from under 1,200 to over 12,000 internet-exposed servers. Splunk discloses a high-severity Windows privilege escalation flaw (CVE-2025-2386, CVSS 8.0) caused by incorrect install-directory permissions in versions before 10.0.0.2, 9.4.0.6, 9.3.0.8, and 9.2.10, enabling local users to potentially escalate privileges and tamper with logging. Finally, Texas Attorney General Ken Paxton sues Samsung, Sony, LG, Hisense, and TCL, alleging smart TVs use automated content recognition to capture screen content—potentially up to twice per second—and transmit it without meaningful consent, with implications for both home viewing and confidential business use; the episode emphasizes reviewing and disabling ACR settings and accounting for network-connected screens in security models.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst

00:00 Sponsor Message Meter
00:20 Discord Age Verification Backlash
01:37 Persona Code Raises Alarms
03:08 SolarWinds Serv-U Critical RCEs
04:51 Splunk Windows Priv Esc
06:18 Smart TV Screenshot Surveillance
08:35 Wrap Up and Sponsor Thanks

AI-Accelerated FortiGate Breaches, Amazon Kiro Prod Disruption, Claude Code Security, Salt Typhoon Warning, and Youth Radicalization Risks

Episode of Cybersecurity Today (hosted by David Shipley) covering: a Russian-speaking hacker using AI-written automation tools to breach 600+ Fortinet FortiGate firewalls across 55 countries by exploiting weak passwords and exposed management interfaces without MFA, with advice to lock down edge management access, enforce MFA, and strengthen password policies; an Amazon Kiro AI coding tool incident tied to a misconfigured role that allegedly deleted and recreated a production environment, causing a 13-hour disruption to AWS Cost Explorer services in one of two mainland China regions, prompting warnings about giving AI agents access to production and the need for guardrails and review processes; Anthropic's Claude Code Security launch, an AI-driven code vulnerability analysis feature that maps code interactions and data flows, provides severity and confidence scoring, keeps humans in the loop, and sparked stock drops for CrowdStrike and Cloudflare while noting limits for legacy code; an FBI warning that China-linked Salt Typhoon remains a serious threat in 80+ countries by exploiting basic weaknesses like unpatched systems, old code, reused passwords, and phishing, alongside concern over the FCC loosening US telecom cybersecurity requirements and calls for stronger critical infrastructure regulation and secure-by-default equipment; and a Canada-focused segment on youth online radicalization including a second RCMP terrorism peace bond in New Brunswick linked to the 764 extremist network (designated a terrorist organization in December 2025), plus reporting that the Tumbr Ridge, BC school shooting suspect had a ChatGPT account suspended in June 2025 and that OpenAI employees allegedly sought to notify authorities but were rebuffed, drawing condemnation from BC Premier David Eby and federal AI minister Evan Solomon and renewed calls for stronger cooperation, accountability, and intervention frameworks.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst

00:00 Sponsor: Meter + Today's Cybersecurity Headlines
00:48 AI-Automated Hacking: 600+ FortiGate Firewalls Breached
02:25 How to Defend: Lock Down Edge Management, MFA, Strong Passwords
03:28 Amazon's Kiro AI Coding Tool Incident: 'Deleted Prod' and Lessons Learned
06:44 Claude Code Security: AI-Powered AppSec for Developers (and the Hype)
10:20 FBI Warning: Salt Typhoon Still Hitting Telecoms Worldwide
13:32 Youth Radicalization & AI Safety Failures: 764 Network and Tumblr Ridge Aftermath
18:12 Wrap-Up + Sponsor Message: Meter Demo Info