Thursday, February 26 2026
  • CarGurus, CarGoners: 12.5M Accounts Take a Wrong Turn
    • CarGurus confirmed a contained cybersecurity incident after reports that 12.5M accounts were compromised
    • Details cited include account mappings and other datasets
    • Meaning identity-risk, fraud monitoring, and breach-notice compliance are now front-and-center.
    • TechCrunch
  • Firewall? More Like “Forti-Fell”: 600 FortiGates Popped With Weak Logins
    • A report attributed to Amazon’s security leadership describes a campaign hitting ~600 Fortinet FortiGate devices by targeting exposed management interfaces and weak/no-MFA credentials
    • A reminder that “no exploit” attacks still wreck enterprises.
    • BleepingComputer
  • SonicWall-ed Off: Vendor Backups Allegedly Become the Backdoor
    • Marquis filed suit alleging SonicWall negligence/misrepresentation contributed to a ransomware incident that disrupted operations tied to 74 U.S. banks
    • They claim the attacker leveraged config data pulled from the vendor’s cloud backup infrastructure
    • A supply-chain and vendor-risk management headache.
    • BleepingComputer
  • BeyondTrust Falls Beyond Fast: RCE Flaw Now a Ransomware Party Favor
    • CISA flagged a BeyondTrust pre-auth RCE (CVE-2026-1731) as exploited and marked it as used in ransomware activity, pushing urgent patching/mitigations
    • Especially painful for orgs that treat remote support and privileged access tooling as “always-on.”
    • BleepingComputer
  • Cisco? I Saw, You Saw: Five Eyes Say SD-WAN Bugs Are Getting Worked Over
    • Five Eyes partners warned of real-world exploitation of Cisco Catalyst SD-WAN-related flaws (including CVE-2026-20127 and CVE-2022-20775)
    • CISA is calling the situation an “unacceptable risk”
    • A big flashing sign for enterprises running WAN edge gear.
    • TheRecord
  • Med Device, Bad Vibes: UFP Tells the SEC It Got Hit
    • Medical device maker UFP disclosed a cyberattack discovered Feb 14, with some data potentially stolen/destroyed and operational impacts like billing/label making
    • Another example of SEC disclosure pressure colliding with real-world disruption risk in regulated industries.
    • TheRecord
Wednesday, February 25 2026

  • Conduent-y and Abetment: The Breach That Wouldn’t Stop Breaching
    • Conduent’s ransomware fallout reportedly expanded again, with at least 25 million people’s personal data implicated
    • This raises fresh vendor-risk questions for state agencies and enterprises that rely on Conduent for benefits/payment processing and mailroom/document workflows.
    • TechCrunch
  • Medusa Meets Lazarus: Healthcare’s “Please Don’t” Speedrun
    • Researchers linked a North Korea–backed Lazarus subgroup to Medusa ransomware extortion activity aimed at US healthcare
    • This serves as a reminder that “critical infrastructure” targeting doesn’t come with ethical guardrails, and that IR readiness + segmentation matter when patient services are on the line.
    • BleepingComputer
  • SmarterMail, Dumber Week: Telegram Turned Your Email Server Into a Flash Sale
    • Threat actors rapidly shared/sold exploit code and access tied to critical SmarterMail flaws (RCE + auth bypass)
    • Real-world exploitation has included ransomware, highlighting how quickly internet-facing email infrastructure can go from “patched later” to “breached now.”
    • BleepingComputer
  • Dell Hell: A “Hard-Coded Credential” Walks Into a VM…
    • A max-severity Dell RecoverPoint for VMs zero-day (hard-coded credentials) was reportedly exploited since mid-2024
    • For enterprises, it’s a loud signal to inventory niche infra appliances, lock them behind segmentation, and treat “internal-only” assumptions as a myth.
    • TheHackerNews
  • France’s Bank-Account Rolodex Got a Little Too “Open Banking”
    • France disclosed unauthorized access to part of FICOBA (national bank account file)
    • Officials said affected people would be notified and warned of follow-on phishing/fraud—another case study in how centralized government datasets amplify breach impact and compliance scrutiny.
    • TheRecord
  • Advantest? More Like “Advan-trespass”: Ransomware Hits a Chip-Supply Linchpin
    • Semiconductor test-equipment supplier Advantest said a third party accessed parts of its network and deployed ransomware
    • Manufacturing/industrial supply chains should read this as “assume disruption,” especially where tooling is critical to global production timelines.
    • TheRecord
Tuesday, February 24 2026

  • Conduent-ly Speaking: 25 Million “Oopsies” in One Breach
    • Conduent’s ransomware spillover now impacts at least 25M people.
    • Raising major risk and notification/compliance headaches for government and enterprise clients that rely on Conduent for benefits and payment processing.
    • TechCrunch
  • Ivanti? More Like “I-vant-i” Your VPN Logs
    • Flaws in a Pulse Secure VPN product (now under Ivanti) were exploited to plant a backdoor.
    • This potentially ripples into many downstream orgs
    • Serving as an enterprise reminder that perimeter gear and acquisitions can carry long-tail security debt.
    • TechCrunch
  • Figure This: Nearly a Million Accounts in the “Oops” Column
    • Figure Technology Solutions suffered a breach affecting nearly 1M accounts.
    • Reportedly tied to social engineering, reinforcing the need for stronger identity verification and incident response readiness in fintech ecosystems.
    • BleepingComputer
  • Optimized for Vishing (Sadly)
    • Optimizely confirmed a breach after a voice-phishing (vishing) incident.
    • The attacker accessed certain internal systems/CRM records and stole basic business contact info.
    • This can fuel follow-on phishing campaigns against customers.
    • BleepingComputer
  • Dell-ivered With Urgency
    • CISA ordered federal agencies to patch an actively exploited Dell RecoverPoint hardcoded-credential flaw within 3 days.
    • A strong signal for enterprises to prioritize the same fix and validate exposure in backup/recovery infrastructure.
    • BleepingComputer
  • Starkiller: MFA’s New Frenemy
    • Phishing-as-a-service that proxies real login pages and relays credentials + MFA in real time.
    • Making it easier for low-skill attackers to pull off high-impact account takeovers.
    • Bad news for enterprises relying on MFA without stronger phishing-resistant controls.
    • KrebsOnSecurity
  • Latin America’s Cyber Glow-Up
    • The region’s cyber maturity is improving, but threat activity (including ransomware and initial access brokers) is rising fast.
    • Relevant for multinationals expanding operations and supply chains in LATAM.
    • DarkReading
  • CISA’s KEV List Says “Patch Me Maybe” (But, Like, Today)
    • CISA added four actively exploited vulnerabilities to its KEV catalog (including Chrome, Zimbra, and Windows components).
    • Underscoring the compliance reality that “known exploited” should trigger accelerated patch SLAs.
    • TheHackerNews
  • Regulators to GenAI: “Stop Cloning Humans, Please”
    • A statement from authorities in 61 countries warns AI developers/users to prevent abuses involving realistic depictions of real people.
    • An enterprise compliance flag for any org deploying generative image/video tools.
    • TheRecord
  • UAE Says It Blocked a Ransomware “Boss Fight”
    • The UAE claims it thwarted ransomware and phishing attempts targeting critical sectors.
    • These include allegations of attackers using AI-enabled tooling
    • Highlighting how “critical infrastructure” incident claims can quickly become regulatory and geopolitical issues.
    • TheRecord
  • Air Côte d’Ivoire: Flight Plans Stable, Incident Response Busy
    • The airline confirmed a cyberattack following ransomware claims
    • They notified relevant authorities, and brought in investigators
    • This is another example of ransomware pressure on operational continuity and disclosure obligations.
    • TheRecord