Two perfect CVSS 10.0 scores in one news cycle. A state-sponsored actor living inside Cisco's SD-WAN platform since 2023. A brand-new lateral movement technique called "Ghost NICs" that leaves no forensic trace. An AI chatbot jailbroken to steal 195 million government records. A North Korean hacking group bridging air-gapped networks with USB drives and an embedded Ruby runtime. And a phishing platform so sophisticated it makes your multi-factor authentication functionally useless. This is Hacking News Episode 64 from Exploit Brokers by Forgebound Research. Five stories, multiple nation-state actors, and some genuinely novel attack techniques. Let's get into it. 🕐 TIMESTAMPS 0:00 — Cold Open 1:12 — Welcome & CTA 1:55 — Story 1: Cisco SD-WAN Zero-Day (CVE-2026-20127, CVSS 10.0) — Five Eyes Response 6:55 — Story 2: Dell RecoverPoint Zero-Day (CVE-2026-22769, CVSS 10.0) — Ghost NICs 11:35 — Story 3: Claude AI Jailbreak — 195 Million Mexican Government Records 15:27 — Story 4: ScarCruft Air-Gap Bridging — "Ruby Jumper" Campaign 19:55 — Story 5: Starkiller Phishing-as-a-Service — MFA Bypass 25:02 — Recap & 5 Key Takeaways 27:28 — Outro 📚 SOURCES Story 1 — Cisco SD-WAN: Cisco Advisory cisco-sa-sdwan-rpa-EHchtZk — https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk CISA Emergency Directive 26-03 — https://www.cisa.gov/emergency-directive-26-03 ASD-ACSC Hunt Guide — https://www.cyber.gov.au/ BleepingComputer — https://www.bleepingcomputer.com/ The Hacker News — https://thehackernews.com/ Dark Reading — https://www.darkreading.com/ SecurityWeek — https://www.securityweek.com/ Story 2 — Dell RecoverPoint: Google Cloud / Mandiant GTIG Report — https://cloud.google.com/blog/topics/threat-intelligence/ Dell Security Advisory DSA-2026-079 — https://www.dell.com/support/kbdoc/en-us/000426742/ CISA Known Exploited Vulnerabilities Catalog — https://www.cisa.gov/known-exploited-vulnerabilities-catalog The Hacker News — https://thehackernews.com/ SecurityWeek — https://www.securityweek.com/ CyberScoop — https://cyberscoop.com/ Story 3 — Claude AI Jailbreak: Bloomberg (Feb 25, 2026) — https://www.bloomberg.com/ VentureBeat — https://venturebeat.com/ Gambit Security Research — https://gambitsecurity.com/ Story 4 — ScarCruft Ruby Jumper: Zscaler ThreatLabz Report (Feb 27) — https://www.zscaler.com/blogs/security-research/ The Hacker News — https://thehackernews.com/ BleepingComputer — https://www.bleepingcomputer.com/ Story 5 — Starkiller PhaaS: Krebs on Security — https://krebsonsecurity.com/ Abnormal AI Technical Analysis — https://abnormalsecurity.com/blog/ Dark Reading — https://www.darkreading.com/ Infosecurity Magazine — https://www.infosecurity-magazine.com/ ⚠️ DISCLAIMER The content presented by Exploit Brokers by Forgebound Research is for educational and informational purposes only. Cipherceval is a cybersecurity educator and commentator — not your personal security consultant, legal counsel, or professional advisor. The information shared here reflects publicly available research, industry reporting, and the host's personal perspective. It does not constitute professional security consulting or individualized guidance for your specific environment. Always consult with qualified professionals for decisions affecting your systems and security posture. 🔔 Subscribe for weekly cybersecurity news and analysis. 👍 Like if this episode was helpful. 🔗 Share with your team — awareness is the first line of defense. #cybersecurity #hackernews #exploitbrokers #cipherceval #infosec #cisco #sdwan #cve #zerodday #ghostnics #dell #recoverpoint #claudeai #jailbreak #scarcruft #northkorea #airgap #starkiller #phishing #mfa #fido2 #passkeys #fiveeyes #cisa #threatintelligence #apisecurity #cyberthreat #nationstatehacking #databreach