[00:00] Aaron Cole: From Neural Newscast, this is Prime Cyber Insights, Intelligence for Defenders, Leaders, and Decision Makers.
[00:06] Chad Thompson: Welcome to Prime Cyber Insights for February 24, 2026.
[00:12] Chad Thompson: We are opening today's briefing by tracking a high-velocity wave of infrastructure attacks
[00:17] Chad Thompson: and critical software vulnerabilities that demand immediate attention from security teams globally.
[00:22] Chad Thompson: I am joined, as always, by Lauren to help break down these complex developments.
[00:27] Chad Thompson: Thanks, Aaron.
[00:28] Chad Thompson: It is a packed morning for the security community.
[00:31] Chad Thompson: Joining us today is Chad Thompson, a director-level AI and security leader.
[00:36] Chad Thompson: Chad brings a deep systems-level perspective on automation, enterprise risk, and operational
[00:42] Chad Thompson: resilience, which is exactly what we need to navigate today's stories.
[00:46] Chad Thompson: Chad, great to have you.
[00:48] Chad Thompson: Aaron, we have to start with the urgent patches coming out of SolarWinds today.
[00:53] Lauren Mitchell: It is great to be here, Lauren.
[00:56] Lauren Mitchell: Looking at the landscape this morning, it is clear that the intersection of legacy infrastructure and modern automation is creating some unique pressure points for the enterprise.
[01:09] Chad Thompson: SolarWinds has released critical updates for its Serv-U file transfer software.
[01:15] Chad Thompson: The most severe flaw, CVE-2025-40538, is a broken access control vulnerability.
[01:23] Chad Thompson: This is a nightmare scenario because it allows an attacker to effectively create a system
[01:29] Chad Thompson: admin account and execute code as root.
[01:31] Chad Thompson: With over 12,000 servers currently exposed online, this has to be a top-tier patching priority for any enterprise using their managed file transfer or FTP capabilities.
[01:42] Chad Thompson: If that server is internet-facing, you are in the crosshairs.
[01:46] Chad Thompson: Moving from software flaws to active threat actors, the Lazarus Group is making headlines for a significant tactical shift.
[01:54] Chad Thompson: Reporting from Symantec and Carbon Black indicates the North Korean group is now using Medusa ransomware to target health care organizations across the U.S. and the Middle East.
[02:06] Chad Thompson: They appeared to be moving away from their traditional custom payloads in favor of established ransomware-as-a-service models.
[02:14] Chad Thompson: This allows them to save on development costs while maintaining high-impact extortion campaigns.
[02:19] Lauren Mitchell: This is a very pragmatic move by Lazarus.
[02:22] Lauren Mitchell: By leveraging existing RaaS infrastructure, they can increase their operational tempo without the overhead of maintaining bespoke code.
[02:31] Lauren Mitchell: For a state-sponsored actor, it is about maximum ROI and plausible deniability.
[02:38] Lauren Mitchell: In the healthcare sector, where downtime can literally be a matter of life or death, the pressure to pay these ransoms is immense.
[02:48] Chad Thompson: It definitely increases their lethality, Lauren.
[02:50] Chad Thompson: Speaking of persistent threats, a report released yesterday by Bloomberg has uncovered a major
[02:55] Chad Thompson: 2021 breach at Ivanti subsidiary, Pulse Secure.
[02:59] Chad Thompson: Chinese hackers reportedly planted a backdoor that compromised 119 organizations, including
[03:05] Chad Thompson: several military contractors.
[03:07] Chad Thompson: The report explicitly links the decline in security quality to aggressive cost-cutting
[03:12] Chad Thompson: and layoffs that followed private equity acquisitions of the firm.
[03:15] Chad Thompson: Exactly. This highlights a pattern where technical debt meets active exploitation.
[03:22] Chad Thompson: While we discuss those broader implications, we also have to look at the immediate crisis in New York.
[03:28] Chad Thompson: The Qilin ransomware group claims to have breached the union representing 41,000 transit workers.
[03:35] Chad Thompson: They have allegedly leaked sensitive, personally identifiable information onto the dark web,
[03:41] Chad Thompson: including salary details and medical data.
[03:43] Lauren Mitchell: When you look at the Ivanti story alongside the Qilin attack,
[03:47] Lauren Mitchell: you see two sides of the same coin.
[03:50] Lauren Mitchell: On one hand, you have the systemic risk introduced by financial restructuring
[03:55] Lauren Mitchell: that deprioritizes security hygiene.
[04:00] Lauren Mitchell: On the other, you have the human impact of data theft.
[04:05] Lauren Mitchell: For those 41,000 transit workers,
[04:09] Lauren Mitchell: this isn't just a corporate breach.
[04:13] Lauren Mitchell: It is a profound violation of their personal privacy and financial security.
[04:18] Chad Thompson: The pressure is also mounting in the Netherlands, Lauren.
[04:22] Chad Thompson: Today, the ShinyHunters extortion gang added Dutch telecom Odido to their leak site,
[04:27] Chad Thompson: claiming to have stolen 21 million records.
[04:31] Chad Thompson: While Odido initially reported the breach affected 6.2 million customers,
[04:36] Chad Thompson: the hackers are now threatening a final warning to the company.
[04:40] Chad Thompson: It is a stark reminder of how vulnerable large-scale PII repositories remain and how quickly these situations can escalate beyond initial company estimates.
[04:50] Chad Thompson: And it isn't just direct breaches we need to worry about.
[04:53] Chad Thompson: New research out today shows that nearly one in three Meta ads in the EU and UK are actually malicious, pointing to phishing or malware.
[05:02] Chad Thompson: I mean, this industrial-scale operation is leveraging the same engagement algorithms used for legitimate marketing to maximize victim counts.
[05:11] Chad Thompson: The infrastructure for this appears heavily linked to Hong Kong and China, showing just how weaponized social media advertising has become.
[05:18] Chad Thompson: Despite these digital headwinds, there is a major win for operational resilience in the space sector.
[05:26] Chad Thompson: Last Friday, NASA confirmed that the latest fueling test for the Artemis 1 SLS rocket
[05:33] Chad Thompson: was a success.
[05:34] Chad Thompson: Technicians swapped out the hydrogen seals that caused issues earlier this month, and those
[05:40] Chad Thompson: new seals held firm during the test.
[05:43] Chad Thompson: This keeps the earliest launch target of March 6th on the calendar, which is a massive
[05:49] Chad Thompson: milestone for the program.
[05:50] Chad Thompson: It is a rare bit of good news in a week dominated by ransomware and root access exploits.
[05:57] Chad Thompson: We have covered everything from Lazarus's new medical targets to the systemic risks of private equity-owned security firms.
[06:04] Chad Thompson: Aaron, the urgency for secure-by-design principles has never been higher.
[06:09] Chad Thompson: For the full technical breakdown on any of today's stories, visit pci.neuralnewscast.com.
[06:16] Chad Thompson: Stay resilient, stay patched, and we will see you in the next update.
[06:20] Chad Thompson: Neural Newscast is AI-assisted, human-reviewed.
[06:24] Chad Thompson: View our AI Transparency Policy at neuralnewscast.com.
[06:29] Aaron Cole: This has been Prime Cyber Insights on Neural Newscast.
[06:32] Aaron Cole: Intelligence for defenders, leaders, and decision makers.
[06:36] Aaron Cole: Neural Newscast uses artificial intelligence in content creation
[06:39] Aaron Cole: with human editorial review prior to publication.
[06:43] Aaron Cole: While we strive for factual, unbiased reporting, AI-assisted content may occasionally contain
[06:48] Aaron Cole: errors. Verify critical information with trusted sources. Learn more at neuralnewscast.com.