Today’s cybersecurity landscape highlights a mix of persistent vulnerabilities, innovative attack techniques, and evolving accountability concerns that security teams and business leaders must navigate. From sophisticated exploit campaigns that have gone undetected for years to the use of blockchain technology by botnets, and from high-profile data breaches rooted in third-party failures to strategic device approvals for classified environments, this roundup covers critical developments shaping security priorities in 2026.
Third-Party Security and Breach Accountability
Marquis v. SonicWall Lawsuit: Who Bears the Blame?
A recent lawsuit involving FinTech company Marquis and firewall provider SonicWall has brought into focus the thorny issue of responsibility when breaches occur through third-party security vendors. Marquis alleges that SonicWall’s firewall was the vector for the breach, raising complex questions about liability and vendor risk management. This case underscores the necessity for organisations to rigorously vet and manage third-party security providers, as well as clearly define responsibilities in contracts. Business leaders must recognise that breaches often involve a chain of trust, and accountability can be legally and operationally complicated.
ManoMano Data Breach Affects 38 Million Customers
Similarly, the European DIY chain ManoMano disclosed a data breach impacting 38 million customers, caused by hackers compromising a third-party service provider. This incident reinforces the risks associated with supply chain security and the critical need for continuous monitoring of third-party environments. Security teams should prioritise vendor risk assessments and incident response integration with external partners to mitigate such threats.
Critical Vulnerabilities and Long-Term Exploitation
Cisco SD-WAN Zero-Day Exploited for Three Years
A maximum-severity zero-day vulnerability (CVE-2026-20127) in Cisco’s SD-WAN solution has been actively exploited for at least three years by an unknown, highly sophisticated threat actor. The prolonged exploitation with minimal traces highlights the challenges in detecting advanced persistent threats (APTs) and the importance of robust monitoring and threat hunting. Network security teams must ensure timely patching and leverage threat intelligence to identify subtle indicators of compromise.
Juniper Networks PTX Router Flaw Allows Full Takeover
Juniper Networks disclosed a critical flaw in its Junos OS Evolved running on PTX Series routers that could allow unauthenticated remote code execution with root privileges. Such vulnerabilities in core network infrastructure pose severe risks to business continuity and data integrity. Security teams should prioritise patch management for network devices and incorporate vulnerability scanning into their routine operations.
Trend Micro Apex One Remote Code Execution Vulnerabilities
Trend Micro patched two critical remote code execution (RCE) vulnerabilities in its Apex One endpoint security product. Given that endpoint solutions are frontline defences, vulnerabilities here are especially alarming. Organisations must keep security tools up to date and consider layered defences to limit exposure.
Innovative Attack Techniques: Blockchain-powered Botnets
Aeternum C2 Botnet Uses Polygon Blockchain for Resilience
Researchers revealed the Aeternum C2 botnet, which stores encrypted commands on the public Polygon blockchain, making takedown efforts significantly more difficult. By leveraging decentralised blockchain infrastructure, attackers achieve high resilience against traditional disruption tactics. This represents a new frontier in command-and-control techniques that security teams must monitor closely. Understanding blockchain’s dual-use potential is vital for anticipating and mitigating such emerging threats.
Data Exposure and Privacy Risks
Google API Keys Expose Gemini AI Data
Previously considered low-risk, Google API keys embedded in client-side code can now be used to authenticate to the Gemini AI assistant, potentially exposing private data. This shift illustrates how evolving service architectures and integrations can transform seemingly benign configurations into serious security risks. Developers and security teams should review API key management practices and implement strict access controls.
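A concrete check that follows from this passage, added here as an example (it is not code from the page, from Google, or from any vendor named above): scan a shipped client-side JavaScript bundle for embedded Google-style API keys and flag any that sit beside a call to the Gemini API host, so that a review of "API key management practices" starts from an inventory of what is actually exposed. The key format used below (39 characters beginning with AIza) and the endpoint hostname are assumptions based on public documentation, and the bundle being scanned is a constructed sample.

```python
import re
from dataclasses import dataclass

# Assumption (not stated on the page): Google API keys are 39 characters,
# start with "AIza", and use only the characters [0-9A-Za-z_-].
GOOGLE_KEY_RE = re.compile(
    r"(?<![0-9A-Za-z_\-])AIza[0-9A-Za-z_\-]{35}(?![0-9A-Za-z_\-])"
)

# Assumption: generativelanguage.googleapis.com is the public Gemini API host.
# A key used next to this host is the case the passage warns about.
AI_ENDPOINT_MARKERS = ("generativelanguage.googleapis.com",)

# Constructed sample of a minified client-side bundle; the keys are made up.
SAMPLE_BUNDLE = """
const cfg={mapsKey:"AIzaSyA1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q",region:"eu"};
fetch("https://generativelanguage.googleapis.com/v1beta/models?key=AIzaSyZ9y8X7w6V5u4T3s2R1q0P9o8N7m6L5k4J",{method:"GET"});
const harmless="AIza is also just a substring here";
"""


@dataclass
class Finding:
    line: int            # 1-based line in the bundle
    masked_key: str      # enough to identify the key, never the full secret
    near_ai_endpoint: bool


def mask(key: str) -> str:
    """Keep a prefix and suffix for identification; never report the whole key."""
    return key[:8] + "..." + key[-4:]


def scan_bundle(text: str) -> list[Finding]:
    """Return every Google-style key literal found in a bundle, with context."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in GOOGLE_KEY_RE.finditer(line):
            near = any(marker in line for marker in AI_ENDPOINT_MARKERS)
            findings.append(Finding(lineno, mask(match.group(0)), near))
    return findings


def high_risk(findings: list[Finding]) -> list[Finding]:
    """Keys observed alongside an AI endpoint call deserve the first review."""
    return [f for f in findings if f.near_ai_endpoint]


if __name__ == "__main__":
    results = scan_bundle(SAMPLE_BUNDLE)
    for f in results:
        flag = "REVIEW FIRST" if f.near_ai_endpoint else "inventory"
        print(f"line {f.line}: {f.masked_key} [{flag}]")
    print(f"{len(results)} key(s) found, {len(high_risk(results))} next to an AI endpoint")
```

Each finding is a prompt to act on the key itself rather than the code: restrict the key in the Google Cloud console (API restrictions limiting which services it may call, and application restrictions such as allowed HTTP referrers), or move the Gemini call behind a server-side endpoint so no key reaches the browser at all. Run the scanner against the built output that users actually download, not the source tree, since build steps can inline keys that never appear in a repository.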
Strategic Device Approvals and Organisational Risk Awareness
Apple Devices Cleared for Classified NATO Use
Apple’s iPhone and iPad have been approved for classified NATO use and added to the NATO Information Assurance Product Catalogue. This endorsement reflects growing confidence in mobile device security and the importance of trusted platforms in sensitive environments. Organisations should consider similar rigorous evaluations when selecting devices for critical operations.
Olympique Marseille Cyberattack Confirmation
French football club Olympique de Marseille confirmed an attempted cyberattack following a data leak, highlighting that high-profile organisations across sectors remain attractive targets. Incident response readiness and communication transparency remain crucial for managing reputational and operational risks.
Four Risks Boards Cannot Ignore
A recent analysis emphasises that boardrooms must focus on risks that threaten business continuity rather than attempting to prevent every attack. This mindset shift to resilience and recovery is essential for aligning security investments with organisational priorities.
Key Takeaways
- Third-party vendors remain a significant security risk; clear accountability and strong vendor risk management are essential.
- Long-standing, undetected vulnerabilities in critical infrastructure highlight the need for enhanced threat hunting and continuous monitoring.
- The use of blockchain for botnet command-and-control represents a novel evasion technique requiring new detection strategies.
- API key exposure risks are evolving; secure management of credentials and access controls must adapt accordingly.
- Approval of devices for classified use underscores the importance of trusted hardware in sensitive environments.
- Board-level focus should shift from total prevention to ensuring business resilience and continuity.
- Prompt patching and layered security remain foundational to mitigating critical vulnerabilities.
Staying informed about these trends helps security teams and business leaders better prepare for a complex and evolving threat landscape.