[cyber]HIGHactive

Cyber Threats & Infrastructure Exploitation

AI is actively monitoring this situation. Last scan: 9h ago.

[Situation briefing]

A significant cyberattack targeting London's transportation infrastructure has compromised personal data for approximately 10 million users, including names and other sensitive information. The breach represents a critical vulnerability in essential public services and poses substantial risks to affected individuals regarding identity theft and fraud. The situation is currently escalating as authorities investigate the attack's scope and attribution while working to contain further data exposure. Immediate response measures are underway to notify affected parties and strengthen system security across the transport network.

[Situation map]

attack

BREAKING9h agoNo Trust Score Issued

London Transport Cyberattack Exposes Data of 10 Million People

A significant cyberattack on London's transportation system has resulted in the leak of personal data for approximately 10 million people, including names, email addresses, phone numbers, and postal addresses, according to Le Figaro. The BBC obtained access to the stolen data through sources in the hacking community, highlighting major security vulnerabilities in public transportation infrastructure.

Le Figaro

MAJORMar 4, 08:00 AM

Dual CVE Chain Enables Persistent Access in Cisco SD-WAN Attacks, Agencies Say

CISA Alerts detail that threat actors are executing a two-stage exploitation chain against Cisco SD-WAN infrastructure, first leveraging the newly catalogued authentication bypass CVE-2026-20127 — described as a previously undisclosed zero-day — before pivoting to the privilege escalation flaw CVE-2022-20775 to entrench themselves within targeted environments. The joint advisory, co-signed by the Five Eyes intelligence alliance, characterizes the activity as a broad, global campaign with victims spanning multiple sectors and regions. Network defenders are urged to apply available patches immediately and audit SD-WAN management interfaces for indicators of compromise outlined in the guidance.

CISA Alerts

BREAKINGMar 4, 08:00 AM

CISA, Five Eyes Partners Warn of Active Global Cisco SD-WAN Exploitation

According to CISA Alerts, the U.S. Cybersecurity and Infrastructure Security Agency, the NSA, and international partners from Australia, Canada, New Zealand, and the United Kingdom have issued joint guidance warning of an ongoing global campaign targeting Cisco SD-WAN systems. CISA reports that malicious cyber actors are exploiting a previously undisclosed authentication bypass vulnerability tracked as CVE-2026-20127 to gain initial access, then chaining the attack with CVE-2022-20775 to escalate privileges and establish long-term persistence inside victim networks. CISA has added both vulnerabilities to its Known Exploited Vulnerabilities catalog and issued an Emergency Directive compelling federal agencies to take immediate remediation action.

CISA Alerts