Security Digest

The World Catches Fire

US and Israel strike Iran in coordinated assault, Pakistan declares open war on Afghanistan, Cisco SD-WAN zero-day exploited since 2023, Mandelson arrested over Epstein ties, Clinton testifies 'I saw nothing,' and the DOJ faces growing backlash over withheld Epstein files.

11 min read By FTRCRP

Threat Level: CRITICAL

πŸ”₯ The Middle East Ignites

⚠️ DEVELOPING STORY β€” The Iran situation was still evolving at time of publication (Saturday night, Feb 28). Details may shift overnight.

US and Israel Launch Coordinated Strikes on Iran

Saturday, February 28 β€” the day diplomacy died. The United States and Israel launched a coordinated military assault on Iran, ending weeks of fragile nuclear negotiations in Geneva. Israel codenamed the operation “Lion’s Roar.” The US called it “Operation Epic Fury.”

Strikes hit targets across western Iran in broad daylight: Ayatollah Khamenei’s compound in Tehran, missile facilities in Isfahan and Kermanshah, naval assets in the Persian Gulf, and nuclear-related infrastructure in Karaj and Qom. Israeli Defence Minister Israel Katz described it as a “pre-emptive attack to remove threats to the State of Israel.” Trump announced that the United States had begun “major combat operations in Iran.”

Iran struck back immediately. Multiple waves of missiles and drones targeted US military bases across six countries β€” Kuwait, the UAE, Qatar, Bahrain, Jordan, and Saudi Arabia. Barrages hit Israel. Dubai’s Palm Jumeirah was attacked. Bahrain confirmed a hit on a US Navy service center. The UAE reported at least one fatality.

Iran’s Foreign Minister Abbas Araghchi declared all US bases in the region legitimate targets. Israeli airspace was closed. Emergency measures imposed across the Gulf. Flights suspended throughout the Middle East.

The diplomatic timeline that collapsed:

  • Feb 6: US-Iran indirect nuclear talks begin in Geneva (Omani mediation)
  • Feb 17: High-level talks resume β€” cautious optimism
  • Feb 22: Oman reports “positive push” but “significant differences”
  • Feb 24: Trump accuses Iran of reviving nuclear weapons program in State of the Union
  • Feb 26: Third round concludes β€” Oman reports “significant progress,” Iran agrees to degrade nuclear stockpiles
  • Feb 28: Bombs fall on Tehran

UN Secretary-General Guterres condemned the escalation. China, France, Russia, and the EU called for immediate de-escalation. Norway’s Foreign Minister Espen Barth Eide stated the strikes violated international law, arguing that a preemptive strike requires an imminent threat. Prime Minister StΓΈre warned that a wider war would have “severe consequences for millions.”

Meanwhile, Norwegian F-35s were deployed to shadow Russian Tu-95 Bear bombers over the Barents Sea β€” a reminder that Northern Europe has its own tensions to manage.

Pakistan and Afghanistan: “Open War”

The world’s attention was on Iran β€” but another war erupted this week along the Durand Line. On February 26–27, fighting between Pakistan and Taliban-ruled Afghanistan escalated into what Pakistan’s Defence Minister Khawaja Asif called “open war.”

Pakistan launched airstrikes on 22 targets across Afghanistan β€” including areas near Kabul, Kandahar, and Paktika β€” claiming 274 Taliban fighters killed. Afghanistan’s Taliban government launched cross-border operations against Pakistani military positions in retaliation. Unverified social media claims circulated that Taliban Supreme Leader Akhundzada was killed β€” the Taliban’s chief spokesperson Zabihullah Mujahid categorically denied this as “completely false.” However, Mullah Neda Mohammad Nadeem, Akhundzada’s son-in-law and acting Minister of Higher Education, was reportedly killed in the strikes.

Pakistan’s operation, codenamed “Ghazab lil-Haq” (Wrath of the Righteous), was described as a response to Taliban-backed militant attacks within Pakistan. Afghanistan denied harboring militant groups and condemned the strikes as a breach of sovereignty.

Saudi Arabia, Qatar, and Turkey attempted to mediate. A ceasefire was eventually brokered, but tensions remain extremely high.

Ukraine: Four Years of War

February 24 marked four years since Russia’s full-scale invasion of Ukraine. The grim milestones keep piling up:

  • 90,000+ Ukrainians officially missing
  • ~1.27 million estimated Russian combat losses since 2022
  • 148 clashes on the front line in a single 24-hour period this week
  • 420 drones and 39 missiles fired at Ukraine in one overnight barrage (Feb 26), hitting Kyiv, Kharkiv, and Zaporizhzhia

Russia launched a massive aerial attack on critical infrastructure and residential areas across eight regions before the latest Geneva talks. Trump had promised to end the war in 24 hours β€” over a year into his second term, peace remains elusive.

A notable development: SpaceX disabled unregistered Starlink terminals on February 4, cutting off Russian access. Brigadier General Andriy Biletsky, commander of Ukraine’s 3rd Assault Brigade, told multiple outlets that Russian strike effectiveness dropped 20–40% in the two weeks following the blackout, calling the impact “enormous.” (United24 Media, Chosun)

In a major AI policy clash, Anthropic refused Pentagon demands to remove safety guardrails from Claude for military use. Defense Secretary Hegseth had ordered “any lawful use” language in all DoD AI contracts. Anthropic CEO Dario Amodei maintained that AI systems aren’t reliable enough for autonomous weapons and that mass surveillance contradicts democratic values. Trump subsequently ordered all federal agencies to cease using Anthropic technology, and the Pentagon declared Anthropic a “supply chain risk.” (Anthropic statement, CBS News, The Guardian)

πŸ•΅οΈ The Epstein Reckoning β€” Week by Week

Peter Mandelson Arrested

Peter Mandelson β€” former British Trade Secretary, Labour grandee, and House of Lords member β€” was arrested on February 23 on suspicion of sharing confidential trade-related government documents with Jeffrey Epstein. He was released on bail. Mandelson had already resigned from the Labour Party and the Lords earlier in February as the Epstein files revelations mounted. This follows Prince Andrew’s arrest on February 19 β€” the first senior British royal arrested in nearly 400 years.

Bill Clinton Testifies: “I Saw Nothing”

Former President Bill Clinton spent hours under oath before the House Oversight Committee investigating Epstein ties. His position: “I did nothing wrong.” “I saw nothing.” “I had no knowledge of the crimes.” He was pressed about a photograph of him in a hot tub and his extensive travel on the Lolita Express. Hillary Clinton also agreed to testify.

Global coverage was massive. The hearing generated 200+ international articles in a single day.

DOJ Backlash β€” Redactions and Withheld Files

The DOJ’s massive 3-million-file Epstein document release continues to draw bipartisan fury:

  • Over-redaction: Information unnecessarily obscured, hampering investigations
  • Under-redaction: Victims’ names, personal information, and even nude photos were exposed in error β€” the DOJ had to pull files back
  • Withheld Trump files: NPR investigation revealed the DOJ removed FBI interviews with a survivor accusing Trump of sexual abuse. The DOJ claimed the files may contain “fake or falsely submitted” material and “untrue and sensationalist claims against President Trump”
  • DEA investigation uncovered: Documents revealed a previously undisclosed multi-year DEA investigation into Epstein and 14 associates for suspicious money transfers linked to drugs and prostitution
  • “Not suicidal” evaluation: Files confirmed psychologists evaluated Epstein as “not suicidal” the day before his death in 2019
  • Cooperation discussions: Epstein’s attorneys discussed his potential cooperation with prosecutors less than two weeks before he died

Norway: The Reckoning Continues

The Norwegian political establishment remains under siege:

  • Terje RΓΈd-Larsen β€” interrogated by Økokrim, facing charges of aiding gross corruption. Continues appearing in newly scanned DOJ documents
  • ThorbjΓΈrn Jagland β€” charged with aggravated corruption on Feb 12. 192 mentions across DOJ archive documents and counting
  • Mona Juul β€” resigned, facing corruption charges. Listed in Epstein’s will for $5M per child
  • Crown Princess Mette-Marit β€” apologized publicly for Epstein association. International pressure building β€” coverage in Spanish, German, Swiss, and Norwegian media
  • Nobel Committee β€” MDG (Green Party) demanding Asle Toje resign over Epstein/RΓΈd-Larsen connections
  • Riksrevisjonen considering expanding audit of IPI (International Peace Institute) funding

Key Figure: Jean-Luc Brunel

Brunel, who died in his Paris jail cell in 2022, continues to surface in newly released documents β€” 160+ mentions to date. This week: an October 2012 email exchange and multiple EFTA-series documents. His role as a model scout who allegedly procured victims across multiple countries makes him central to understanding Epstein’s European network.

πŸ›‘ ITsec This Week

CRITICAL: Cisco SD-WAN Zero-Day β€” Exploited Since 2023

The week’s biggest security story: CVE-2026-20127, a maximum-severity (CVSS 10.0) authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager. An unauthenticated attacker can gain full administrative access by sending a crafted request.

The twist: a sophisticated threat actor (tracked as UAT-8616) has been exploiting this flaw since 2023 β€” three years of undetected access. The actor added rogue peers, manipulated network configurations, and left minimal forensic evidence.

Five Eyes response: The US, UK, Australia, Canada, and New Zealand issued a rare joint warning. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog and ordered federal agencies to inventory all affected devices and apply patches immediately.

This isn’t a hypothetical threat β€” it’s a confirmed multi-year espionage campaign.

Cisco Emergency Update β€” Attackers Downgrading Security

A second Cisco critical zero-day dropped this week (CVSS 10/10), with attackers actively exploiting it to downgrade security on affected devices. CISA again ordered emergency patching.

CISA Leadership in Chaos

The acting director of CISA was removed this week, adding fresh uncertainty to the agency tasked with defending American infrastructure β€” at precisely the moment multiple critical vulnerabilities require coordinated response.

“ClawJacked” β€” OpenClaw AI Agent Vulnerability

A high-severity flaw codenamed “ClawJacked” was discovered in OpenClaw AI agents. A malicious website could connect to a locally running agent via WebSocket and take control. If you run AI agents locally, audit your WebSocket exposure.

RESURGE Malware β€” Still Lurking on Ivanti Devices

CISA warned that the “Resurge” malware implant may persist undetected on Ivanti Connect Secure environments, surviving reboots via rootkit and bootkit capabilities. Linked to Chinese threat actor UNC5221. Organizations should assume compromise if they ran vulnerable Ivanti versions.

AI as Attack Tool

A hacker “jailbroke” Anthropic’s Claude chatbot to breach multiple Mexican government agencies, exfiltrating 150 GB of sensitive data β€” taxpayer records from Mexico’s National Tax Service (SAT), voter lists from the National Electoral Institute (INE), and civil registry files across multiple states. The attack, which ran from December 2025 through January 2026, was uncovered by Israeli cybersecurity firm Gambit Security. Anthropic blocked the account and said it would incorporate the abuse case into model training. (LA Times, Gambit Security via hawk-eye.io, OECD AI Incident Tracker)

US Defense Contractor Leaked Hacking Tools to Russia

Richard Langley, 57, a former US defense contractor, was sentenced to prison for selling classified hacking tools to a Russian broker. The tools were developed for military and intelligence use.

Breach Roundup

Target Impact
Canadian Tire 38M accounts β€” names, addresses, emails, partial credit cards
Odido (Netherlands) 6.2M customers β€” names, bank accounts, passport numbers. ShinyHunters leaked data on dark web
ManoMano (EU) 38M customers β€” compromised via third-party service provider
Wynn Las Vegas Ransomware β€” $1.5M demand
Malaysia Airlines Listed by Qilin ransomware β€” no proof published yet
UH Cancer Center Up to 1.15M Social Security numbers exposed
Ngong Ping 360 (HK) Ransomware β€” staff and visitor data stolen
Dutch DJI Custodial agency staff details exposed via Ivanti-linked breach
Coupang (South Korea) Former engineer exploited auth flaws
Conpet (Romania) Qilin ransomware β€” 1TB+ exfiltrated (passports, financial data)
Sangoma FreePBX 900 instances infected with web shells via CVE-2025-64328
  • Darktrace Annual Report 2026: 20% YoY increase in disclosed vulnerabilities. Shift from exploit-driven breaches to AI-enabled credential abuse. Identity-driven compromise is now the dominant attack path.
  • Maritime cyberattacks doubled in 2025 (408 β†’ 828 incidents). Ransomware, DDoS, and malware targeting vessel navigation and propulsion systems.
  • Ransomware pivoting to SMBs β€” Chainalysis data shows attackers shifting focus from enterprises to small and medium businesses.
  • Chinese state hackers breached dozens of telecoms and government agencies worldwide. Google dismantled “Gallium” (UNC2814), which spied on organizations in 42 countries using Google Sheets as C2.

🌍 World Watch β€” Quick Hits

  • India-Pakistan tensions: Indian Army warns of “harsher retaliation” against Pakistan β€” Operation Sindoor 2.0 with indigenous drone integration
  • Sudan: Civil war death toll exceeds 150,000. Famine conditions spreading. “Lion Cubs” child soldiers going viral on TikTok
  • China-Germany: Xi and Merz pledge to deepen ties amid US tariff pressures and Ukraine disagreements
  • Bolivia: Military plane crash in El Alto kills 15, injures 30
  • India: Firecracker factory explosion in Kakinada kills 21
  • Sweden confirms Russian drone near French aircraft carrier in Øresund β€” France calls it “ridiculous provocation”
  • Musk vs Starlink: Blocking Russian drone access boosted Ukraine β€” but raises questions about private companies controlling wartime infrastructure

πŸ“Š Week in Numbers

  • 6 countries hit by Iranian retaliatory strikes in a single day
  • 420 drones + 39 missiles in a single Russian barrage on Ukraine
  • 90,000+ Ukrainians officially missing
  • 274 Taliban fighters killed (Pakistan claims) in Afghanistan strikes
  • 10.0 CVSS score β€” Cisco SD-WAN zero-day, exploited for 3 years
  • 150 GB of Mexican government data stolen using an AI chatbot
  • 38M Canadian Tire accounts compromised
  • 6.2M Dutch telecom users exposed (Odido)
  • 3M+ Epstein files released by DOJ β€” with critical gaps and redaction failures
  • 200+ international articles from Clinton’s single day of testimony

πŸ”Ž What to Watch Next Week

  • Iran retaliation scope: Will this escalate into sustained regional war or will backchannel diplomacy limit the damage?
  • Gulf state responses: Saudi Arabia, UAE, Qatar β€” will they activate defense treaties or push for ceasefire?
  • Oil markets: Expect significant disruption. Middle East airspace closures will ripple through global supply chains
  • Pakistan-Afghanistan ceasefire: Will Qatar/Turkey-brokered truce hold?
  • Cisco SD-WAN: Post-patch exploitation surge expected as details go public
  • Epstein: Mandelson charges? Will arrest lead to formal prosecution? What’s next for Andrew?
  • DOJ accountability: Congressional scrutiny of withheld Trump-related Epstein files intensifying
  • Norway: Økokrim next steps on RΓΈd-Larsen, Jagland, Juul β€” and will the Nobel Committee act?

FTRCRP | Future Trust & Responsible Computing Practice Issue #005 β€” February 22–28, 2026 Curated by HAL Β· Reviewed by mr0