Get $200 off a new Galaxy S26 phone when you preorder at Best Buy – here’s how
Best Buy already has preorder deals on the new Samsung Galaxy S26 devices. Here’s how to save.
Latest news – Read More
Could this one subtle change become the new norm for phones? So far, only one Samsung handset offers the innovative feature.
Latest news – Read More
Preorder the new Samsung Galaxy S26, S26 Plus, or S26 Ultra unlocked from Amazon at a discount, and get a free Amazon gift card included. We break down the details.
Latest news – Read More
Between Samsung and Google’s best phones to start 2026, here’s which one you should buy if you’re cross-shopping between the two.
Latest news – Read More
Samsung’s new Galaxy S26 phones are here, and we found the best phone cases from brands like Spigen, Pitaka, Torras, and more to protect your new device.
Latest news – Read More
Incremental updates to sound and noise cancellation are losing their upgrade value; perhaps a new ceiling to break is on the horizon.
Latest news – Read More
In addition to the $17.25 million payout, which will be split between more than 10 million potential class members, the settlement requires PowerSchool to establish a “web governance” committee to monitor certain actions.
The Record from Recorded Future News – Read More
Sonos and Samsung both make superior home theater products, but choosing is about more than chasing an audio experience.
Latest news – Read More

Cisco Talos is tracking the active exploitation of CVE-2026-20127, a vulnerability in Cisco Catalyst SD-WAN Controller, formerly vSmart, that allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges by sending a crafted request to an affected system. Successful exploitation may allow the attacker to gain administrative privileges on the Controller as an internal, high-privileged, non-root user account.
Talos clusters this exploitation and subsequent post-compromise activity as “UAT-8616,” which we assess with high confidence to be a highly sophisticated cyber threat actor. After the discovery of active exploitation of the 0-day in the wild, we were able to find evidence that the malicious activity went back at least three years (2023). Investigation conducted by intelligence partners identified that the actor likely escalated to root user via a software version downgrade. The actor then reportedly exploited CVE-2022-20775 before restoring the original software version, effectively allowing them to gain root access.
UAT-8616’s attempted exploitation indicates a continuing trend of cyber threat actors targeting network edge devices to establish persistent footholds in high-value organizations, including Critical Infrastructure (CI) sectors.
Customers are strongly advised to follow the guidance published in the security advisories discussed below. Additional recommendations specific to Cisco are available here. Customer support is also available by initiating a TAC request. Talos strongly recommends that customers and partners using Cisco Catalyst SD-WAN technology follow the steps outlined in this advisory to help protect their environments.
The initial and most critical activity to look for is any control connection peering event identified in Cisco Catalyst SD-WAN logs, as this may indicate an attempt at initial access via CVE-2026-20127. All such peering events require manual validation to confirm their legitimacy, with particular focus on vManage peering types. Threat actors who compromise Cisco Catalyst SD-WAN infrastructure often establish unauthorized peer connections that may appear superficially normal but occur at unexpected times, originate from unrecognized IP addresses, or involve device types inconsistent with the environment’s architecture. A comprehensive review process is essential to distinguish between legitimate network operations and potential indicators of compromise.
Feb 20 22:03:33 vSmart-01 VDAEMON_0[2571]: %Viptela-vSmart-VDAEMON_0-5-NTCE-1000001: control-connection-state-change new-state:up peer-type:vmanage peer-system-ip:1.1.1.10 public-ip:192.168.3.20 public-port:12345 domain-id:1 site-id:1005
In the identified example, the peer-system-ip should be validated as matching the expected IP address schema in use, the timestamp should be validated as matching any events which might cause a peering event to occur, and the public-ip should be validated as being an expected source for a peering event.
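The three validations described above can be scripted to order peering events for manual review. This is an added example, not Talos or Cisco code; the allowlists, change window and the second and third log lines are constructed assumptions, and no event is cleared automatically, since every peering event still requires manual validation.

```python
import ipaddress
import re
from datetime import datetime

# Assumed allowlists for one deployment (hypothetical values; use your own).
SYSTEM_IP_SCHEMA = [ipaddress.ip_network("1.1.1.0/24")]
EXPECTED_PUBLIC_SOURCES = [ipaddress.ip_network("192.168.3.0/24")]
CHANGE_WINDOWS = [(datetime(2026, 2, 20, 22, 0), datetime(2026, 2, 20, 23, 0))]

HDR = " vSmart-01 VDAEMON_0[2571]: %Viptela-vSmart-VDAEMON_0-5-NTCE-1000001: control-connection-state-change new-state:up "
# First entry is the page's sample line; the other two are constructed.
SAMPLE_LOG = "\n".join([
    "Feb 20 22:03:33" + HDR + "peer-type:vmanage peer-system-ip:1.1.1.10 public-ip:192.168.3.20 public-port:12345 domain-id:1 site-id:1005",
    "Feb 21 03:14:07" + HDR + "peer-type:vmanage peer-system-ip:10.99.0.7 public-ip:203.0.113.50 public-port:12346 domain-id:1 site-id:1005",
    "Feb 21 09:00:00" + HDR + "peer-type:vedge peer-system-ip:1.1.1.21 public-ip:192.168.3.31 public-port:12366 domain-id:1 site-id:1010",
])
EVENT_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s.*?"
                      r"control-connection-state-change\s(?P<kv>.*)$")
REQUIRED = {"new-state", "peer-type", "peer-system-ip", "public-ip"}

def parse_event(line, year):
    """Parse one peering event; syslog omits the year, so the caller supplies it."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    ev = dict(kv.split(":", 1) for kv in m["kv"].split() if ":" in kv)
    if not REQUIRED.issubset(ev):
        return None  # incomplete event line: skip rather than guess
    ev["time"] = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ev

def review(ev):
    """Return which of the three checks (system IP, source IP, timing) fail."""
    sys_ip = ipaddress.ip_address(ev["peer-system-ip"])
    pub_ip = ipaddress.ip_address(ev["public-ip"])
    checks = [
        (any(sys_ip in n for n in SYSTEM_IP_SCHEMA), "peer-system-ip outside expected schema"),
        (any(pub_ip in n for n in EXPECTED_PUBLIC_SOURCES), "public-ip is not an expected source"),
        (any(s <= ev["time"] <= e for s, e in CHANGE_WINDOWS), "no known change event at this time"),
    ]
    return [reason for ok, reason in checks if not ok]

def triage(log_text, year):
    """Queue every 'up' peering event for manual validation, most mismatches first."""
    events = [parse_event(line, year) for line in log_text.splitlines()]
    rows = [(ev, review(ev)) for ev in events if ev and ev["new-state"] == "up"]
    # vManage peers sort ahead of other peer types on ties; nothing is dropped.
    rows.sort(key=lambda r: (-len(r[1]), r[0]["peer-type"] != "vmanage"))
    return rows
```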
The following may be high-fidelity indicators of a successful compromise by UAT-8616 in an SD-WAN infrastructure setup:
We strongly recommend that you perform the steps outlined in this document. Cisco has also published a hardening guide for Cisco Catalyst SD-WAN deployments located at https://sec.cloudapps.cisco.com/security/center/resources/Cisco-Catalyst-SD-WAN-HardeningGuide. It is strongly recommended that any customers who are utilizing the Cisco Catalyst SD-WAN technology follow the guidance provided in this hardening guide. We also recommend referring to advisories here and here and the Cisco Catalyst SD-WAN threat hunting guide released by our intelligence partners for additional detection guidance.
Talos is releasing the following Snort coverage for this threat and associated vulnerability:
Cisco Talos Blog – Read More
In a filing with U.S. regulators, Massachusetts-based medical device manufacturer UFP Technologies said intruders possibly stole or destroyed company data during an incident earlier in February.
The Record from Recorded Future News – Read More