# Top Stories

WatchTowr reports widespread exploitation of CVE-2026-20127 affecting Cisco Catalyst SD-WAN infrastructure, with attacks originating from numerous unique IP addresses. This actively exploited vulnerability poses significant risks to organizations relying on Cisco's SD-WAN solutions for network connectivity.

Threat actors are exploiting the special-use .arpa domain and IPv6 reverse DNS lookups in phishing campaigns to bypass domain reputation systems and email security gateways. This technique represents a novel evasion method that challenges traditional email security controls.

AI assistants with autonomous access to users' computers, files, and online services are creating new security challenges by blurring boundaries between data and code, and between trusted tools and insider threats. These powerful agents are rapidly shifting organizational security priorities as their adoption grows among developers and IT workers.

Research reveals Iranian state-sponsored hackers attempting to compromise consumer-grade security cameras, part of a broader trend of nation-state actors targeting surveillance infrastructure. Similar camera hacking activities have been observed in the Ukraine conflict, highlighting the strategic importance of IoT devices in modern warfare.

EU Court of Justice Advocate General Athanasios Rantos issued a formal opinion requiring banks to immediately refund phishing victims even when customers are at fault for unauthorized transactions. This ruling could fundamentally change liability frameworks for financial fraud across the European Union.

Pentagon CTO Emil Michael disclosed conflicts with AI company Anthropic over autonomous warfare capabilities, revealing military development of procedures for different autonomy levels based on risk assessment. This highlights growing tensions between AI companies and defense applications of their technology.

Fig Security launched from stealth mode with a platform that traces security data flows end-to-end across SIEMs, pipelines, and response systems to prevent infrastructure changes from breaking critical defenses. The solution addresses visibility gaps in complex security operations environments.

Cylake introduced an AI-native security platform that analyzes security data locally without cloud dependencies, targeting organizations with data sovereignty concerns. The platform promises to identify potential attacks while keeping sensitive data on-premises.

Entertainment article about Jessica Jones appearing in the Daredevil: Born Again trailer is not relevant to cybersecurity operations. This content appears to be incorrectly categorized from a general entertainment RSS feed.

Scientific research about dinosaur miniaturization and small-sized dinosaur lineages is completely unrelated to cybersecurity. This paleontology content appears to be miscategorized from a science RSS feed.