Cybersecurity Headlines

Google disrupts UNC2814, 3M+ impacted by TriZetto breach, Cisco bug exploited since 2023

Feb 26, 2026
Google disrupted a major cybercrime group's cloud infrastructure after widespread intrusions. A healthcare portal breach exposed millions of personal and insurance records. A long‑running Cisco SD‑WAN flaw allowed attackers to add rogue peers and has been exploited since 2023. Developers were targeted via malicious Next.js repos, and cloud code vulnerabilities enabled remote code execution and API key theft.
INSIGHT

Google Disrupted Long-Running Gallium Campaign

  • Google disrupted UNC2814 (Gallium) after the group used Google Sheets to blend malicious activity into normal traffic.
  • Google and partners shut down the group's Cloud projects and accounts without any Google product compromise, and China denied the allegations.
INSIGHT

TriZetto Breach Impact Much Larger Than Initially Reported

  • TriZetto Provider Solutions disclosed that a 2024 breach exposed data for 3,433 people, including SSNs and insurance details, via a web portal.
  • TriZetto, a Cognizant subsidiary, hired Mandiant, notified law enforcement, and offers one year of credit monitoring.
INSIGHT

Long-Running Exploitation Of Cisco SD-WAN Flaw

  • Cisco disclosed a critical SD-WAN authentication bypass exploited since 2023 to add rogue peers and compromise controllers.
  • The 10.0-severity flaw allowed privilege escalation to root by chaining a known flaw, and CISA ordered federal patching by Feb 27.