Daily Security Briefing #176
- DjediTech
- Security , Newsletter
- February 25, 2026
Table of Contents
February 25, 2026 | Read Online
GRIDTIDE disrupted, Claude Code vulnerabilities exposed, and AI training data poisoning…
Executive Summary
Cybersecurity threats continue to evolve with malicious actors adapting to disruptions in their ecosystems. The recent GRIDTIDE campaign disruption highlights the importance of collaborative efforts between industry partners and security researchers. Meanwhile, critical vulnerabilities in Anthropic’s Claude Code have been exposed, allowing for remote code execution and API key theft. Additionally, AI training data poisoning has become a concern, with attackers exploiting trust mechanisms to inject malicious content.
Articles
Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign
Google Threat Intelligence Group (GTIG) and partners took action against UNC2814, suspected of being a PRC-nexus cyber espionage group targeting international governments and global telecommunications organizations. The campaign, tracked since 2017, disrupted dozens of nations across four continents. https://cloud.google.com/blog/topics/threat-intelligence/disrupting-gridtide-global-espionage-campaign/ | https://thehackernews.com/2026/02/google-disrupts-unc2814-gridtide.html
The Post-RAMP Era: Allegations, Fragmentation, and the Rebuilding of the Ransomware Underground
The January 2026 seizure of RAMP did not dismantle the ransomware ecosystem. Instead, it accelerated fragmentation across underground platforms like T1erOne and accessible forums such as Rehub. Defenders now face reduced visibility into centralized coordination. https://www.rapid7.com/blog/post/tr-post-ramp-allegations-fragmentation-ransomware-underground-rebuild | https://www.rapid7.com/blog/post/tr-mri-hidden-risks-exposed-dicom-servers-uk-healthcare
Your MRI is Online: The Hidden Risks of Exposed DICOM Servers in UK Healthcare
Rapid7 Labs identified over 30 exposed systems in the UK responding to DICOM requests, putting sensitive medical imaging traffic at risk. These systems were reachable from the public internet during observation. https://www.rapid7.com/blog/post/tr-mri-hidden-risks-exposed-dicom-servers-uk-healthcare
Poisoning AI Training Data
Attackers can inject malicious content into AI training data by exploiting trust mechanisms. This vulnerability highlights the need for stricter security measures in AI development and deployment. https://www.schneier.com/blog/archives/2026/02/poisoning-ai-training-data.html | https://blog.checkpoint.com/research/check-point-researchers-expose-critical-claude-code-flaws/
Check Point Researchers Expose Critical Claude Code Flaws
Critical vulnerabilities in Anthropic’s Claude Code enable remote code execution and API key theft through malicious project configurations. Built-in mechanisms can be abused to bypass trust controls. https://blog.checkpoint.com/research/check-point-researchers-expose-critical-claude-code-flaws/ | https://research.checkpoint.com/2026/rce-and-api-token-exfiltration-through-claude-code-project-files-cve-2025-59536/
One Identity Appoints Michael Henricks as Chief Financial and Operating Officer
One Identity announces the appointment of Michael Henricks as Chief Financial and Operating Officer, reflecting continued business growth and a focus on aligning financial leadership with operational objectives. https://gbhackers.com/one-identity-appoints-michael-henricks-as-chief-financial-and-operating-officer/
Hackers Exploit Cortex XDR Live Terminal for C2 Communications
Hackers can repurpose the Cortex XDR Live Terminal feature as a stealthy command and control (C2) channel, turning it into a “living off the land” backdoor on protected endpoints. https://gbhackers.com/cortex-xdr-exploited/
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852
Critical vulnerabilities in Anthropic’s Claude Code allow attackers to achieve remote code execution and steal API credentials through malicious project configurations. https://research.checkpoint.com/2026/rce-and-api-token-exfiltration-through-claude-code-project-files-cve-2025-59536/
Fake Next.js job interview tests backdoor developer’s devices
The Microsoft Defender team discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials. https://www.bleepingcomputer.com/news/security/fake-nextjs-job-interview-tests-backdoor-developers-devices/
Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023
Cisco is warning that a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN was actively exploited in zero-day attacks, allowing remote attackers to compromise controllers and add malicious rogue peers. https://www.bleepingcomputer.com/news/security/critical-cisco-sd-wan-bug-exploited-in-zero-day-attacks-since-2023/
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.