[00:00] Announcer: From Neural Newscast, this is Prime Cyber Insights, Intelligence for Defenders, Leaders, and Decision Makers.
[00:06] Aaron Cole: Welcome to Prime Cyber Insights for February 26, 2026. I'm Aaron Cole, and we are tracking
[00:13] Aaron Cole: several massive stories that are shaking the foundations of enterprise and national security today.
[00:20] Aaron Cole: And I'm Lauren Mitchell.
[00:21] Chad Thompson: We're starting with a maximum-severity Cisco zero-day that's been active for years, plus a major sentencing in a high-profile defense contractor leak.
[00:31] Chad Thompson: Joining us today is Chad Thompson, a director-level AI and security leader with a systems-level perspective on automation, enterprise risk, and operational resilience.
[00:42] Chad Thompson: Chad, great to have you.
[00:43] Lauren Mitchell: Great to be here, Lauren.
[00:48] Lauren Mitchell: We're seeing a real collision between infrastructure vulnerabilities and sophisticated human-driven threats right now.
[00:55] Aaron Cole: Let's dive right into that Cisco news, Lauren.
[00:57] Aaron Cole: This is CVE-2026-20127, a perfect 10 out of 10 on the severity scale.
[01:05] Aaron Cole: CISA just added it to the Known Exploited Vulnerabilities Catalog.
[01:09] Chad Thompson: Exactly, Aaron. This flaw in the Cisco Catalyst SD-WAN has been exploited since at least 2023
[01:18] Chad Thompson: by a group tracked as UAT-8616. They've been using it to add rogue peers and manipulate
[01:26] Chad Thompson: the network fabric itself. Chad, from a risk perspective, what's most concerning about a
[01:33] Chad Thompson: two-year-old zero-day finally surfacing? The persistence is the issue.
[01:39] Lauren Mitchell: by downgrading firmware and then covering their tracks.
[01:44] Lauren Mitchell: These actors have had root access for years.
[01:48] Lauren Mitchell: It shows that even in highly automated SD-WAN environments,
[01:54] Lauren Mitchell: the visibility into the how and when of configuration changes is still
[01:59] Lauren Mitchell: you know, a massive operational blind spot for most enterprises.
[02:04] Aaron Cole: That's notable, Lauren.
[02:06] Aaron Cole: And we're seeing that insider knowledge theme play out in a big way with Peter Williams.
[02:11] Aaron Cole: The former L3Harris executive was just sentenced to 87 months for selling zero-day exploits to the Russian broker Operation Zero for over a million dollars.
[02:22] Chad Thompson: It's a staggering breach of trust, Aaron. Williams allegedly stole tools worth $35 million to Trenchant.
[02:31] Chad Thompson: Chad, you focus on systems-level resilience.
[02:35] Chad Thompson: How does an organization even begin to defend against a general manager with full network access who is actively framing other employees?
[02:45] Lauren Mitchell: It's the hardest problem in security.
[02:48] Lauren Mitchell: I mean, you can't just rely on access controls when the person in charge of them is the adversary.
[02:55] Lauren Mitchell: It requires decoupled audit logs and behavioral analytics that don't live on the same network that the executive manages.
[03:04] Lauren Mitchell: This case is a wake-up call for the defense industrial base regarding intellectual property protection.
[03:12] Aaron Cole: Speaking of scale, the Conduent breach just exploded from 10 million to 25 million affected individuals.
[03:20] Aaron Cole: We're talking about Texas and Oregon state benefits, Social Security numbers, and 8 terabytes of data exfiltrated by the SafePay ransomware gang.
[03:31] Chad Thompson: Absolutely, Aaron. It's a classic third-party blind spot.
[03:34] Chad Thompson: People don't even know who Conduent is, but they process the Medicaid and SNAP benefits those people rely on.
[03:41] Chad Thompson: Combined with the news that groups like Scattered LAPSUS$ Hunters are now recruiting female voices on Telegram to social engineer help desks,
[03:50] Chad Thompson: the human element of security is under massive pressure.
[03:53] Lauren Mitchell: That's right. Whether it's the Conduent scale or the help desk ruses, the goal is always the same.
[04:01] Lauren Mitchell: Leverage the weakest point in the chain,
[04:04] Lauren Mitchell: often the third-party processor or the service agent,
[04:08] Lauren Mitchell: to gain high-level credentials.
[04:11] Lauren Mitchell: Verification must move beyond voice-only calls immediately.
[04:15] Aaron Cole: Urgency is the word of the day.
[04:18] Aaron Cole: Chad, thanks for joining us to break this down.
[04:20] Aaron Cole: For Prime Cyber Insights, I'm Aaron Cole.
[04:23] Chad Thompson: And I'm Lauren Mitchell.
[04:25] Chad Thompson: Stay resilient and we'll see you next time.
[04:28] Chad Thompson: You can find more resources at pci.neuralnewscast.com.
[04:33] Chad Thompson: Neural Newscast is AI-assisted, human-reviewed.
[04:38] Chad Thompson: View our AI transparency policy at neuralnewscast.com.
[04:42] Announcer: This has been Prime Cyber Insights on Neural Newscast.
[04:46] Announcer: Intelligence for defenders, leaders, and decision makers.
[04:49] Announcer: Neural Newscast uses artificial intelligence in content creation
[04:53] Announcer: with human editorial review prior to publication.
[04:56] Announcer: While we strive for factual, unbiased reporting, AI-assisted content may occasionally contain
[05:02] Announcer: errors. Verify critical information with trusted sources. Learn more at neuralnewscast.com.