Increase in Malware Enabled ATM Jackpotting Incidents Across United States

The Federal Bureau of Investigation (FBI) released this FBI Liaison Alert System (FLASH) to disseminate indicators of compromise (IOCs) and technical details associated with malware-enabled ATM jackpotting.
Threat actors exploit physical and software vulnerabilities in ATMs and deploy malware to dispense cash without a legitimate transaction. The FBI has observed an increase in ATM jackpotting incidents across the United States. Out of 1,900 ATM jackpotting incidents reported since 2020, over 700 of them with more than $20 million in losses occurred in 2025 alone.
This FBI FLASH provides technical details, IOCs, and recommended mitigations. It is being provided to encourage organizations to implement the recommended mitigation steps, to outline the information requested from the public, and to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals.
Administrative Note
The information in this document is being provided by the FBI, with no guarantees or warranties, for potential use at the sole discretion of recipients to protect against cyber threats. This data is provided to help cybersecurity professionals and system administrators guard against the persistent malicious actions of cyber actors. The FBI does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by the FBI.

Celebrating Two Years of CSF 2.0!

Today marks two years since the publication of the Cybersecurity Framework (CSF) 2.0!

Published in 2024, the CSF 2.0 included the addition of a Govern Function, increased emphasis on cybersecurity supply chain risk management, updated categories and subcategories to address current threat and technology shifts, and expansion into a suite of resources designed to make the CSF 2.0 easier to consume and put into practice—enabling organizations to better manage and reduce their cybersecurity risk.

The CSF 2.0 has been widely embraced by millions of organizations of all sizes and sectors around the globe and continues to be the most downloaded NIST technical publication (with over 3 million views and downloads, to date). The team has been hard at work the last two years…


Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems

The Cybersecurity and Infrastructure Security Agency (CISA) issued an Alert and Emergency Directive 26-03: Mitigate Vulnerabilities in Cisco SD-WAN Systems in response to cyber threat actors’ observed exploitation of Cisco Software-Defined Wide-Area Networking (SD-WAN) systems. While only federal agencies are required to implement CISA Emergency Directives (EDs), the risks extend to every organization and sector using these systems. All organizations are strongly urged to review and adopt the actions outlined in the ED and associated resources.
CISA and partners have observed malicious cyber actors targeting and compromising Cisco SD-WAN systems of organizations, globally. These threat actors have been observed exploiting a previously undisclosed authentication bypass vulnerability, CVE-2026-20127, for initial access before escalating privileges using CVE-2022-20775 and establishing long-term persistence in Cisco SD-WAN systems. CISA has added both of these CVEs to its Known Exploited Vulnerabilities (KEV) Catalog.
In addition to the Alert and ED, CISA is also sharing additional resources to support mitigation efforts:
Cisco SD-WAN Threat Hunt Guide: Developed in collaboration with the Australian Signals Directorate’s Australian Cyber Security Centre, the US National Security Agency, and global partners, this guide supports network defenders in detecting and responding to malicious activity targeting SD-WAN systems.
Cisco Catalyst SD-WAN Hardening Guidance: This guidance, developed by Cisco, provides actionable mitigations for network defenders to strengthen and secure SD-WAN networks.
CISA and partners strongly urge network defenders to immediately:
Inventory all in-scope Cisco SD-WAN systems.
Collect artifacts, including virtual snapshots and logs, from SD-WAN systems to support threat hunt activities.
Fully patch Cisco SD-WAN systems with available updates.
Hunt for evidence of compromise, and concurrently review Cisco’s latest security advisories, Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability and Cisco Catalyst SD-WAN Vulnerabilities.
Implement Cisco’s SD-WAN Hardening Guidance.