February 28, 2026


Hello all,

Unlike the prior week, there was a lot to report on this week, starting with a brand-new way to extract your information from wireless networks, a three-year-old Cisco zero-day exploit, and more. The good guys had some nice wins with the sentencing of a dirtbag, sanctions on another, the disruption of a Chinese espionage organization, and serious disruption of the ransomware ecosystem. So on to the news.

Headline NEWS:

  • AirSnitch WiFi Exploit enables a malicious actor to perform man-in-the-middle attacks and steal information that traverses the same physical access point. The attack only requires that the threat actor be joined to the access point, and the network joined can be the supposedly isolated guest network: because of the newly discovered defect, traffic from the other networks served by that access point can be accessed and tapped into. Complexity is a bit high so far, and it requires access to the network, but it is only a matter of time before evil people weaponize this defect. The race is on now for manufacturers to fix their underlying software to plug this hole.
  • Cisco SD-WAN has a defect that apparently has been exploited since 2023. In a new warning regarding Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager, the manufacturer urges clients to update to the latest version and check for signs of compromise. CISA gave government agencies until Friday of this past week to collect all logs and forensic snapshots from their systems, upgrade them to patched versions, search for signs of compromise, follow vendor guidance to harden their devices, and finally report a detailed inventory and any findings. The “Five Eyes” governments are all urging the same for their agencies. This cannot and should not be ignored. It is as serious as it gets.
  • SolarWinds Serv-U released patches for multiple defects this past week. Four of the identified defects can enable a threat actor to gain root access on the file transfer system. Multiple other fixes are included in updated version 15.5.4. While these are not suspected of being publicly exploited, it would be advisable to patch quickly.
  • Zyxel Routers have a critical RCE. At least a dozen different models have defects that can allow a threat actor to gain unauthenticated remote code execution. A caveat is that, by default, the WAN configuration is disabled; if it has not been enabled, the router is not exploitable. Nevertheless, Zyxel urges all clients to update to the latest firmware as soon as possible.

In Ransomware, Malware, and Vulnerabilities News:

  • CrowdStrike 2026 Global Threat Report came out Tuesday and revealed some disturbing numbers. The most troubling is that the average time a threat actor took from initial access to moving to other systems in a network dropped to 29 minutes in 2025, and the fastest recorded time dropped to an astonishing 27 seconds! Of the cases that they worked, an astounding 82% didn’t use any malware, relying instead on living-off-the-land (LotL) techniques to escalate and pivot. BlackFog’s 2025 State of Ransomware Annual Report, which came out a couple of weeks ago, reports that there were 1,174 publicly disclosed ransomware attacks; however, 86% of ransomware incidents went undisclosed, showing that the problem is significantly larger than most press reports indicate. 96% of ransomware attacks exfiltrate data for extortion and resale. Despite these statistics, indications are that the number of companies paying the extortion demands is decreasing, which is causing threat actors to ramp up the quantity of attacks to make up the difference. Their gambit seems to be working, as total payouts have increased year-over-year. This is an ever-evolving evil and we cannot let down our guard.

In Other News Events of Note and Interest:

  • Anthropic vs. Department of War, a dispute over AI tools for military applications. The Department of War had ordered Anthropic to remove restrictions on the military’s use of its AI tools, which Anthropic refused to do. This refusal has led to the termination of a $200 million deal with the Department of War. The dispute is centered on safety concerns regarding sensitive applications like mass surveillance, weapons development, and autonomous systems. The Department of War has now designated Anthropic as a ‘supply chain risk,’ which requires companies that work with the US military to cut ties with Anthropic. For its part, Anthropic plans to fight the designation in court, calling it an unprecedented and legally unsound move against an American company. Barring any changes, the US Government now plans to cease use of anything by Anthropic within six months.

Musings

I spend multiple hours a week of my own time creating the RedDotSecurity.news newsletter. Every now and then one of my viewers or readers will let me know that they found something in the content that I put out to be useful, amusing, or even vital to them or those they support. I love hearing from you, don’t stop! However, as I’ve been at this several years now, I’ve found that this publishing process is invaluable to me. By personally researching the articles, blogs, and videos from the various publications and news sources that I use weekly, I have the opportunity to see various sides and viewpoints regarding current and highly relevant events, tools, trends, activity, and methodologies that are being used and abused in our industry. So, if you benefit from what I put out, you’re welcome, and thank you for your support. And thank you also for being there, because it encourages me to continue to learn and to continue to better myself.

Visc. Jan Broucinek

Keep the shields up!

Viscount Jan Broucinek
Red Dot Security News
