# Today's Top Stories

Cisco has confirmed active exploitation of CVE-2026-20245, a high-severity flaw (CVSS 7.8) in Catalyst SD-WAN Manager affecting on-premises, Cloud-Pro, Cloud (Cisco Managed), and FedRAMP government deployments — with no patch currently available. Security teams running any of these SD-WAN configurations should treat this as an urgent priority given active in-the-wild exploitation and the breadth of affected deployment types.

Mandiant reports that the Silent Ransom Group (SRG) is actively targeting U.S. law firms and professional services organizations through vishing campaigns impersonating IT support, enabling data theft within hours of initial contact. The speed of compromise — sometimes under a single business day — makes this threat particularly acute for organizations with sensitive client data and less mature security operations.

A new Gafgyt botnet variant dubbed C0XMO is actively exploiting a vulnerability in DD-WRT router firmware, targeting multiple CPU architectures and programmatically terminating competing malware processes to monopolize infected devices. Security teams managing DD-WRT-based network infrastructure should audit for compromise indicators, as the botnet's cross-architecture capability broadens its attack surface significantly.

A researcher reverse-engineered Bright Data's iOS SDK — embedded in consumer apps including those running on always-on smart TVs — and found it silently enrolls devices as exit nodes in what Bright Data markets as the world's largest residential proxy network, heavily targeting AI industry web-scraping customers. This supply-chain-style proxy abuse has direct implications for enterprise network defenders who may see unexpected traffic originating from consumer device IP ranges.

A school shooting survivor has filed suit against an AI-based gun detection vendor after the system failed to identify a weapon before a shooting, raising legal and technical questions about accuracy thresholds required for safety-critical AI deployments. This case sets a potential precedent for liability standards in AI security systems used in physical security contexts.

Opal Security closed a $23 million funding round — bringing its total to $59 million — to expand its AI-native identity governance platform and announced five senior leadership hires. The investment signals continued enterprise demand for automated identity access management tooling amid ongoing credential-based attack trends.

Emphere raised $2.1 million to develop an AI-driven vulnerability remediation solution aimed at software companies seeking to accelerate release cycles. While early-stage, the product targets the gap between vulnerability identification and remediation that plagues many development pipelines.

Microsoft released an open-source fork of Windows Terminal called Intelligent Terminal, integrating AI assistance directly into the terminal interface without disrupting active sessions. Security practitioners using Windows Terminal for administrative and scripting tasks may find the tool relevant as AI-assisted command-line tooling becomes more prevalent.

Ars Technica published a piece on microbes found living in proximity to Ötzi the Iceman, exploring the boundary between artifact and ecosystem. This article has no relevance to cybersecurity practitioners.

Ars Technica reported that American Diabetes Association journal editor-in-chief Steven Kahn and former ADA president Desmond Schatz were ejected from a diabetes conference for distributing journal reprints. This article has no relevance to cybersecurity practitioners.