Black Hat Europe 2025: Threat Hunting With Agentic AI
Working at the Black Hat Network Operations Center (NOC) as a data scientist makes me a bit of an outlier (pun intended) among network engineers and hard-core threat hunters.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Black Hat Europe 2025: Lessons from the NOC
With the holiday season all wrapped up (pun definitely intended), I finally have time to sit down and digest what we saw in the network traffic at Black Hat Europe 2025 while working alongside the other Network Operations Center (NOC) partners: Arista, Cisco, Jamf, and Palo Alto Networks. As usual, there is a mix of the expected, a dash of the unexpected, and some lessons for newcomers and greybeards alike. Let’s get into it.
CVE-2026-20127: In-Depth Analysis of the Cisco Catalyst SD-WAN Authentication Bypass Vulnerability
Software-defined networking (SD-WAN) has transformed enterprise infrastructure, enabling dynamic connectivity between sites with centralized management and control. But when the control plane itself becomes vulnerable, network integrity is no longer a given.
Forescout VistaroAI: Security Like You've Never Experienced Before
Cybersecurity moves fast and your environment moves even faster. Forescout VistaroAI helps security teams keep up by instantly analyzing changes across your network and surfacing the risks that matter most. Instead of drowning in dashboards and alerts, Forescout VistaroAI gives you: VistaroAI turns continuous change into clear, actionable intelligence, helping teams stay ahead of threats with confidence.
Forward Networks Expands Operations to Japan as Demand for Trusted Network Operations Accelerates
Forward Enterprise enables organizations to reduce risk, improve operational efficiency, and prepare their networks for trusted agentic AI and autonomous operations.
Emerging Threat: Cisco Catalyst SD-WAN Authentication Bypass (CVE-2026-20127)
CVE-2026-20127 is a critical authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller (vSmart) and Cisco Catalyst SD-WAN Manager (vManage). The flaw stems from improper validation within the control plane and management plane authentication mechanisms, allowing a remote, unauthenticated attacker to submit crafted requests that bypass standard authentication controls. Successful exploitation results in access to the system as a high-privileged internal user account.
CVE-2026-20127: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
On February 25, 2026, Cisco released fixes for a maximum severity authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage), tracked as CVE-2026-20127. The flaw arises from a broken peering authentication mechanism in the control-plane authentication workflow. This vulnerability potentially allows a remote, unauthenticated threat actor to bypass authentication and obtain administrative privileges on an affected system.
Episode 9 - Federal Cyber Defense: Legacy Debt, Cloud Shifts, and Network Truth
Richard Bejtlich sits down with Jean Schaffer, Corelight’s Federal CTO, to discuss the unique hurdles facing government agencies in an era of escalating state-sponsored threats. Jean highlights the persistent challenge of legacy IT infrastructure and the "technical debt" that complicates modernization efforts across the Department of Defense, the intelligence community, and the civilian sector. The conversation explores the strategic shift toward cloud adoption as a means to decommission vulnerable on-premise hardware and the evolving "whole of nation" defense strategy that requires deeper public-private partnerships.
AI Agents: How Your New Employee Brings More Security Risks
AI agents aren’t applications. They’re employees. So why are we treating them like applications? AI agents don’t behave like classic applications. They access systems. They make decisions. They operate continuously. They interact with humans and other systems without being explicitly triggered each time. That’s not automation. That’s not scripts. That’s a digital worker.
Cato CTRL Threat Research: When OpenClaw, Your AI Personal Assistant, Becomes the Backdoor
Cato CTRL’s Vitaly Simonovich (senior security researcher) has identified a threat actor selling root shell access to a UK-based automation company through a compromised AI personal assistant based on OpenClaw.