
February 26, 2026, SANS Internet Storm Center Stormcast Highlights Critical Security Issues
The February 26, 2026, SANS Internet Storm Center Stormcast episode covers a proposed CLA model by Claire Perry, a SANS.edu graduate, which addresses interdependencies in critical infrastructure security—an improvement over the insular Purdue model that focuses only on individual plants.

Cisco disclosed a critical (CVSS 10) unauthenticated privilege escalation vulnerability in Catalyst SD-WAN controllers (formerly SD-WAN vSmart), actively exploited since 2023, with indicators of compromise provided in its advisory.

Researchers at InfoGuard Labs revealed that Cortex XDR’s Lifecycle Terminal can be abused as a command-and-control (C2) channel, enabling attackers to execute commands (e.g., PowerShell) via trusted defensive tools.

OpenSSL released a patch for a high-severity stack-based buffer overflow in CMS/PKCS7 parsing, exploitable via S/MIME or authenticated envelope data, particularly when using GCM ciphers, with potential for DoS or code execution depending on system safeguards.

The episode also highlighted the resurgence of tarpitting techniques to disrupt AI companies scraping copyrighted data, as detailed in a Portspoof blog post, by flooding crawlers with noise to degrade model quality.