Two perfect CVSS 10.0 scores in one news cycle. A state-sponsored actor living inside Cisco's SD-WAN platform since 2023. A brand-new lateral movement technique called "Ghost NICs" that leaves no forensic trace. An AI chatbot jailbroken to steal 195 million government records. A North Korean hacking group bridging air-gapped networks with USB drives and an embedded Ruby runtime. And a phishing platform so sophisticated it makes your multi-factor authentication functionally useless.
This is Hacking News Episode 64 from Exploit Brokers by Forgebound Research. Five stories, multiple nation-state actors, and some genuinely novel attack techniques. Let's get into it.
🕐 TIMESTAMPS
0:00 — Cold Open
1:12 — Welcome & CTA
1:55 — Story 1: Cisco SD-WAN Zero-Day (CVE-2026-20127, CVSS 10.0) — Five Eyes Response
6:55 — Story 2: Dell RecoverPoint Zero-Day (CVE-2026-22769, CVSS 10.0) — Ghost NICs
11:35 — Story 3: Claude AI Jailbreak — 195 Million Mexican Government Records
15:27 — Story 4: ScarCruft Air-Gap Bridging — "Ruby Jumper" Campaign
19:55 — Story 5: Starkiller Phishing-as-a-Service — MFA Bypass
25:02 — Recap & 5 Key Takeaways
27:28 — Outro
📚 SOURCES
Story 1 — Cisco SD-WAN:
Cisco Advisory cisco-sa-sdwan-rpa-EHchtZk — https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk
CISA Emergency Directive 26-03 — https://www.cisa.gov/emergency-directive-26-03
ASD-ACSC Hunt Guide — https://www.cyber.gov.au/
BleepingComputer — https://www.bleepingcomputer.com/
The Hacker News — https://thehackernews.com/
Dark Reading — https://www.darkreading.com/
SecurityWeek — https://www.securityweek.com/
Story 2 — Dell RecoverPoint:
Google Cloud / Mandiant GTIG Report — https://cloud.google.com/blog/topics/threat-intelligence/
Dell Security Advisory DSA-2026-079 — https://www.dell.com/support/kbdoc/en-us/000426742/
CISA Known Exploited Vulnerabilities Catalog — https://www.cisa.gov/known-exploited-vulnerabilities-catalog
The Hacker News — https://thehackernews.com/
SecurityWeek — https://www.securityweek.com/
CyberScoop — https://cyberscoop.com/
Story 3 — Claude AI Jailbreak:
Bloomberg (Feb 25, 2026) — https://www.bloomberg.com/
VentureBeat — https://venturebeat.com/
Gambit Security Research — https://gambitsecurity.com/
Story 4 — ScarCruft Ruby Jumper:
Zscaler ThreatLabz Report (Feb 27) — https://www.zscaler.com/blogs/security-research/
The Hacker News — https://thehackernews.com/
BleepingComputer — https://www.bleepingcomputer.com/
Story 5 — Starkiller PhaaS:
Krebs on Security — https://krebsonsecurity.com/
Abnormal AI Technical Analysis — https://abnormalsecurity.com/blog/
Dark Reading — https://www.darkreading.com/
Infosecurity Magazine — https://www.infosecurity-magazine.com/
⚠️ DISCLAIMER
The content presented by Exploit Brokers by Forgebound Research is for educational and informational purposes only. Cipherceval is a cybersecurity educator and commentator — not your personal security consultant, legal counsel, or professional advisor. The information shared here reflects publicly available research, industry reporting, and the host's personal perspective. It does not constitute professional security consulting or individualized guidance for your specific environment. Always consult with qualified professionals for decisions affecting your systems and security posture.
🔔 Subscribe for weekly cybersecurity news and analysis.
👍 Like if this episode was helpful.
🔗 Share with your team — awareness is the first line of defense.
#cybersecurity #hackernews #exploitbrokers #cipherceval #infosec #cisco #sdwan #cve #zerodday #ghostnics #dell #recoverpoint #claudeai #jailbreak #scarcruft #northkorea #airgap #starkiller #phishing #mfa #fido2 #passkeys #fiveeyes #cisa #threatintelligence #apisecurity #cyberthreat #nationstatehacking #databreach
