Data breach at govtech giant Conduent balloons, affecting millions more Americans
A previously disclosed ransomware incident involving Conduent is now believed to impact far more people than initially reported, potentially reaching into the tens of millions. Reporting cites revised impact figures including at least 15.4M affected in Texas and 10.5M in Oregon, plus additional notifications across multiple states. The exposed data reportedly includes names, Social Security numbers, medical data, and health insurance information. The company has not provided a definitive total count of affected individuals.
CISA gives federal agencies one year to rip out end-of-life devices
CISA issued an operational directive requiring federal civilian agencies to remove unsupported, end-of-life hardware and software from their environments. Agencies must provide an inventory within three months and decommission identified devices within a year, then implement a continuous discovery process within two years. The directive highlights that unsupported edge devices are being heavily exploited and pose persistent risk. The end-of-service device list will not be published publicly, but CISA says it will track compliance and assist agencies as needed.
Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423)
CISA added CVE-2026-24423 in SmarterMail to the Known Exploited Vulnerabilities catalog, and the flaw is being used in ransomware activity. The issue is described as missing authentication on a critical API function, enabling unauthenticated remote code execution in affected versions. Guidance focuses on updating to a fixed release and checking logs for suspicious access to the vulnerable endpoint. Federal civilian agencies have been directed to remediate by February 26, 2026.
CISA confirms exploitation of VMware ESXi flaw by ransomware attackers
CISA updated its Known Exploited Vulnerabilities catalog to confirm ransomware use of CVE-2025-22225, an arbitrary write issue affecting VMware ESXi. The article notes Broadcom patched this issue alongside CVE-2025-22224 and CVE-2025-22226 in March 2025, and references Huntress reporting on an exploit toolkit believed to chain the trio. It also calls out a practical patch-prioritization problem: the KEV “known ransomware use” flag can lag, so teams using KEV operationally may miss urgency signals.
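One way to catch the lag described above is to diff successive copies of the KEV JSON feed instead of filtering on dateAdded. The sketch below is an added example, not code from the article or from CISA; it uses the feed's cveID, dateAdded and knownRansomwareCampaignUse fields, while the snapshots, dates and CVE-0000-* entries are constructed, and it assumes dateAdded stays the same when the flag is updated.

```python
import json

# Constructed snapshots in the layout of CISA's KEV JSON feed, trimmed to the
# fields used here. Dates and the CVE-0000-* entries are placeholders.
OLD = json.loads("""{"vulnerabilities": [
 {"cveID": "CVE-2025-22225", "dateAdded": "2025-01-01", "knownRansomwareCampaignUse": "Unknown"},
 {"cveID": "CVE-0000-00001", "dateAdded": "2025-01-02", "knownRansomwareCampaignUse": "Unknown"}
]}""")
NEW = json.loads("""{"vulnerabilities": [
 {"cveID": "CVE-2025-22225", "dateAdded": "2025-01-01", "knownRansomwareCampaignUse": "Known"},
 {"cveID": "CVE-0000-00001", "dateAdded": "2025-01-02", "knownRansomwareCampaignUse": "Unknown"},
 {"cveID": "CVE-0000-00002", "dateAdded": "2026-01-03", "knownRansomwareCampaignUse": "Known"}
]}""")


def index(snapshot):
    """Map cveID -> catalog entry for one snapshot."""
    return {v["cveID"]: v for v in snapshot.get("vulnerabilities", [])}


def is_known(entry):
    # Treat a missing field as "Unknown" so older snapshots still compare.
    return entry.get("knownRansomwareCampaignUse", "Unknown").strip().lower() == "known"


def ransomware_flag_changes(old, new):
    """Return (flipped, new_known): late flag flips and newly listed flagged entries."""
    before, after = index(old), index(new)
    flipped, new_known = [], []
    for cve, entry in sorted(after.items()):
        if not is_known(entry):
            continue
        if cve not in before:
            new_known.append(cve)      # first seen, already flagged
        elif not is_known(before[cve]):
            flipped.append(cve)        # listed earlier, flag changed since
    return flipped, new_known


def added_since(snapshot, iso_date):
    """The common 'what is new in KEV' filter: entries with dateAdded >= iso_date."""
    return sorted(v["cveID"] for v in snapshot["vulnerabilities"] if v["dateAdded"] >= iso_date)


if __name__ == "__main__":
    flipped, new_known = ransomware_flag_changes(OLD, NEW)
    print("flag flipped on existing entries:", flipped, "| new and flagged:", new_known)
    print("seen by dateAdded filter:", added_since(NEW, "2026-01-01"))
```

In the constructed data the flipped entry never appears in the dateAdded filter, which is the gap a snapshot diff closes.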
Cisco, F5 Patch High-Severity Vulnerabilities
Cisco released fixes for multiple issues, including a high-severity DoS bug in TelePresence CE and RoomOS (CVE-2026-20119) triggered by a crafted meeting invite, and a Meeting Management flaw (CVE-2026-20098) that can lead to root-level command execution via arbitrary file upload for sufficiently privileged users. F5 also published its February 2026 quarterly notification covering BIG-IP and NGINX issues, including a BIG-IP DoS condition (CVE-2026-22548) and an NGINX proxy scenario where a MitM can inject responses under specific TLS upstream configurations (CVE-2026-1642). Neither vendor indicates active exploitation for the issues covered in this writeup, so it is a patch planning and exposure review item rather than an emergency response item for most orgs.